Cyberattacks Disrupt Systems of South Korean TV Networks and Banks

North Korea is the main suspect, but officials have failed to name anyone

  South Korea hit by cyberattacks. North Korea is the main suspect
A few days ago, we learned that South Korea was preparing for potential cyberattacks launched by their adversaries from the north. It turns out that Seoul was right to be afraid since, on Wednesday, the systems of three TV networks and several financial institutions were disrupted by cyberattacks. 

A few days ago, we learned that South Korea was preparing for potential cyberattacks launched by their adversaries from the north. It turns out that Seoul was right to be afraid since, on Wednesday, the systems of three TV networks and several financial institutions were disrupted by cyberattacks. 

It’s uncertain if North Korea is behind the attacks, but experts say it wouldn’t be surprising, considering that Pyongyang made threats last week after suffering a similar cyberattack.

According to the Yonhap News Agency, the affected broadcasters are KBS, MBC and YTN. Other organizations impacted by the attacks are the Shinhan, Nonghyup and Jeju banks, and a couple of insurance firms.

In the case of Shinhan, the attacks affected Internet banking, mobile banking and event ATMs. TV broadcasts have not been impacted.

Officials report that the computer networks of government organizations don’t appear to have been affected.

Some believe that the incident might have been caused by a breach on Internet service provider LG UPlus, but the company has denied the allegations.

“There have been numerous serious attacks on South Korean networks and systems over the last few years, from recent newspaper site defacements and the most recent network attacks to the so-called ‘Ten Days of Rain’ DDoS attacks on multiple Government sites and the USFK in 2011,” said Christopher Boyd, senior threat researcher at ThreatTrack Security.

“While it's tempting to attribute these attacks to the North given the current state of play in the region, many attacks are not so easy to pin down - the Ten Days of Rain used compromised machines inside South Korea to launch the DDoS attacks, and in 2009 the JoongAng Daily claimed that a South Korean man allegedly purchased infected games in North Korea, only to take them back and infect gamers - using them to DDoS the website of the Incheon International Airport,” Boyd added.

“Recent reports that North Korea itself claims to have been knocked offline by hackers does nothing to clarify the issue, and in this ‘tit-for-tat’ environment we should be wary of attributing any blame until the full facts emerge.”

Updated to include commentary from Christopher Boyd.

1 Comment