S. Korea Says Source of Cyberattack Didn’t Come From China

South Korean officials said a cyberattack that froze networks at broadcasters and banks this week came from a domestic source and not China, contradicting an initial conclusion.

The malware code was from an Internet Protocol address at Nonghyup Bank, one of the banks affected, that may have originated from abroad, the Korean Communications Commission said in a statement. The agency yesterday said the code came from China, amid speculation North Korea was responsible for the March 20 attack that affected around 32,000 servers.

Confusion over the source of the attack highlights growing threats to cybersecurity, which a U.S. assessment this month listed as the intelligence community’s top concern, ahead of terrorism. The breach occurred as North Korea threatens preemptive nuclear strikes against the U.S. and South Korea, raising regional tensions.

“Even if the attack didn’t come from China, it’s too early to say that it wasn’t from North Korea either,” said Youm Heung Youl, a professor at the department of Information Security Engineering at SoonChunHyang University in Asan, south of Seoul. “The latest attack came through multiple channels, so we can’t conclude what’s behind it yet. All we can say is that it was very systematic and organized, something like a state-sponsored cyberattack.”

Attack ‘Medium’

The networks at Shinhan Bank and Cheju Bank have been fully restored, while 10 percent of the networks at Munhwa Broadcasting Corp., YTN and Korean Broadcasting System are back to normal, according to the commission’s statement.

“The first malware code was found from an Internet Protocol address at Nonghyup Bank, so we investigated it and found that it wasn’t from China but from a domestic source,” Kim Shim Gyum, deputy director at KCC’s network policy bureau, said today by phone. “No other malware coded IPs are found yet, but we are still investigating.”

Nonghyup Bank is checking whether its IP addresses were used in the attack and believes that the code identified as coming from its IP address affected only its own network, bank spokesman Kim Dong Gi said by phone, without elaborating. About 10 percent of the lender’s 8,700 automated teller machines are still have distruptions and the bank aims to fix them by the end of the weekend, he said.

South Korea in 2011 blamed North Korea for attacks on about 40 websites and on closely-held Nonghyup, the Korean name for the National Agricultural Cooperative Federation, that kept almost 20 million clients from using automated teller machines and online banking services.

The bank said at the time it would spend 510 billion won ($456 million) by 2015 to boost network security.

Before it's here, it's on the Bloomberg Terminal.