Malicious code in NongHyup system came from Chinese IP: gov't
By 윤민식Published : March 21, 2013 - 10:49
Part of the malicious code that paralyzed network systems at South Korean banks and TV broadcasters came from a Chinese Internet Protocol (IP) address, Seoul's communications watchdog said Thursday.
Local TV broadcasters KBS, MBC and YTN along with Shinhan, NongHyup and Jeju banks suffered a massive network failure on Wednesday that halted financial services and crippled operations.
Following an analysis of source codes, the Korea Communications Commission (KCC) announced that the incident was caused by malicious codes rather than distributed denial-of-service (DDoS) attacks.
In a briefing, the KCC said a Chinese IP address (101.106.25.105) accessed Nonghyup's update management server and generated malicious files.
The communications watchdog said it believes the six affected institutions were attacked by a single entity and that it is in the process of tracking the attacker.
Meanwhile, the KCC said it is mulling all possible scenarios regarding the network failure, leaving open the possibility that North Korea was behind the cyber attack.