S. Korea Says Source of Cyberattack Didn’t Come From China

A researcher inspecting for computer viruses at Hauri Inc., an IT security software vendor, in Seoul on March 21, 2013. Photographer: Chung Sung-Jun/Getty Images

March 22 (Bloomberg) -- South Korean officials said a cyberattack that froze networks at broadcasters and banks this week came from a domestic source and not China, contradicting an initial conclusion.

The malware code was from an Internet Protocol address at Nonghyup Bank, one of the banks affected, that may have originated from abroad, the Korean Communications Commission said in a statement. The agency yesterday said the code came from China, amid speculation North Korea was responsible for the March 20 attack that affected around 32,000 servers.

Confusion over the source of the attack highlights growing threats to cybersecurity, which a U.S. assessment this month listed as the intelligence community’s top concern, ahead of terrorism. The breach occurred as North Korea threatens preemptive nuclear strikes against the U.S. and South Korea, raising regional tensions.

“Even if the attack didn’t come from China, it’s too early to say that it wasn’t from North Korea either,” said Youm Heung Youl, a professor at the department of Information Security Engineering at SoonChunHyang University in Asan, south of Seoul. “The latest attack came through multiple channels, so we can’t conclude what’s behind it yet. All we can say is that it was very systematic and organized, something like a state-sponsored cyberattack.”

Attack ‘Medium’

The networks at Shinhan Bank and Cheju Bank have been fully restored, while 10 percent of the networks at Munhwa Broadcasting Corp., YTN and Korean Broadcasting System are back to normal, according to the commission’s statement.

“The first malware code was found from an Internet Protocol address at Nonghyup Bank, so we investigated it and found that it wasn’t from China but from a domestic source,” Kim Shim Gyum, deputy director at KCC’s network policy bureau, said today by phone. “No other malware coded IPs are found yet, but we are still investigating.”

Nonghyup Bank is checking whether its IP addresses were used in the attack and believes that the code identified as coming from its IP address affected only its own network, bank spokesman Kim Dong Gi said by phone, without elaborating. About 10 percent of the lender’s 8,700 automated teller machines still have disruptions and the bank aims to fix them by the end of the weekend, he said.

South Korea in 2011 blamed North Korea for attacks on about 40 websites and on closely-held Nonghyup, the Korean name for the National Agricultural Cooperative Federation, that kept almost 20 million clients from using automated teller machines and online banking services.

The bank said at the time it would spend 510 billion won ($456 million) by 2015 to boost network security.

To contact the reporters on this story: Cynthia Kim in Seoul at; Seonjin Cha in Seoul at; Jungah Lee in Seoul at

To contact the editor responsible for this story: Stuart Biggs at
