March 21 (Bloomberg) -- The biggest cyberattack on South Korean computers in two years used malware code from China, according to an initial investigation that is focusing on possible links to North Korea.
Around 32,000 servers were damaged in yesterday’s attack on broadcasters and banks, the Korea Communications Commission said today in a statement. President Park Geun Hye set up a team to investigate whether North Korea is responsible, after computer shutdowns hit companies including Shinhan Bank, Nonghyup Bank, Munhwa Broadcasting Corp., YTN and Korea Broadcasting System.
The attack occurred less than a month after Park became president of Asia’s fourth-largest economy, and amid an increase in friction over North Korea’s nuclear weapons program. Kim Jong Un’s regime, which detonated an atomic device in February, has threatened to attack the U.S. with nuclear weapons and today said American bases in Guam and Japan are within striking range.
“Discovering that the code was from China makes it more likely that the attack was from North Korea, because a lot of North Korean hackers operate there,” said Ryou Jae Cheol, a professor of computer engineering and securities at Chungnam National University. “Who else would be making this kind of attack at this scale and timing other than North Korea?”
Asked about the finding at a briefing today, Foreign Ministry spokesman Hong Lei said hacking attacks are an “anonymous and transnational problem,” and China wants to work with other nations to bring about a “secure and cooperative cyberspace.”
“By using other countries’ IP addresses, hackers attack some countries’ networks,” Hong said. “This is a common practice used by hackers.”
South Korea’s Kospi Index fell 0.4 percent, following a 1 percent decline yesterday. The won was little changed at 1,115.97 per dollar. The yield on South Korea’s 2.75 percent bonds due December 2015 fell one basis point to 2.59 percent, according to prices from Korea Exchange Inc.
Lieutenant Colonel Damien Pickart, a Pentagon spokesman, today in an e-mailed statement declined to discuss American cybersecurity capabilities, while saying the U.S. “is firmly committed to the defense of Korea in any domain -- to include cyberspace.”
General James Thurman, the commander of U.S. forces in South Korea, last year told Congress that North Korea has “growing cyber warfare capability.”
Kim Jong Un’s regime “employs sophisticated computer hackers trained to launch cyber infiltration and cyber attacks against” South Korea and the U.S., Thurman said last March.
Malware code was distributed through targeted organizations’ servers, destroying their computers’ ability to boot, the Korea Communications Commission said yesterday.
“This is the biggest and most serious cyberattack in two years,” said Shin Hong Sun, an official at the KCC in Seoul. “There haven’t been simultaneous attacks on more than one target since 2011.”
South Korea in 2011 blamed North Korea for attacks on about 40 websites and on Nonghyup that kept almost 20 million clients from using automated teller machines and online banking services.
The country’s worst cyberattack occurred in 2003, when a computer virus shut down servers at the country’s largest Internet service provider, KT Corp., disconnecting 5 million customers from the web, according to Chon Kwan Ho, another KCC official. The police did not find North Korean links in that attack, Chon said.
“The latest attack had a big spillover effect as it paralyzed the country’s largest broadcasters and big financial entities, not just home PCs,” said Dong Hoon Lee, a professor in the cyber defense department at Korea University. “There’s no direct online connection between the North and the South, so if it’s confirmed that the North is to blame, it’s highly likely that the attack reached the South through servers in China.”
MBC spokesman Cha Sun Young and YTN spokesman Han Jeong Ho said their networks haven’t yet returned to normal. A recorded message at KBS said it isn’t accepting calls during its investigation. Of the four biggest media companies, only Seoul Broadcasting System reported being unaffected.
South Korea has been monitoring for possible hacking since North Korea’s nuclear test, the KCC said March 12.
“It’s highly probable that North Korea used Chinese IPs for the attacks,” said Lim Jong In, dean of Korea University’s Graduate School of Information Security. “These are sentimental attacks, aimed at spreading confusion to the whole society by paralyzing media and financial institutions. But it will take some time to exactly track who’s behind this as China is unlikely to actively cooperate.”
Military tensions in the region remained at the highest since at least 2010. North Korea’s Kim led two precision-attack drills using drones and rockets, the official Korean Central News Agency said yesterday. The exercise rehearsed an attack against South Korea, according to the statement.
The U.S. is increasing its defense capability in the region after Kim’s regime this month threatened to use atomic weapons in response to tougher United Nations sanctions.
The U.S. Pacific Air Forces Command successfully carried out its latest B-52 training flight, according to a statement on its website. A B-52 can carry nuclear warheads and air-to-ground missiles with a range of 3,000 kilometers (1,864 miles).
North Korea today reiterated its threats, saying the U.S. “will meet catastrophic end by the strong military counteraction of the DPRK,” if the bombers are flown again over the peninsula. The DPRK is the acronym for North Korea’s official name, the Democratic People’s Republic of Korea.
U.S. Defense Secretary Chuck Hagel said March 15 he will shift $1 billion from a European missile shield to install 14 additional missile interceptors in Alaska against threats by Iran and North Korea.
In a phone call yesterday with Chinese President Xi Jinping, Park reiterated her resolve to “firmly respond” to any attacks, while promising to give aid to North Korea if it gives up nuclear weapons and “chooses the right path,” according to a statement on her website.
To contact the editor responsible for this story: Peter Hirschberg at firstname.lastname@example.org