Some South Korean banks and television stations were hit by an apparent cyberattack Wednesday. But the attack seems too crude for North Korea's cyberwar program, which is thought to be fairly advanced.
Boston and Seoul, South Korea
Cyberattacks on three South Korean TV stations and two banks disrupted computer networks and halted ATM services temporarily on Wednesday, sending a tremor through that nation’s heavily Internet-dependent economy and raising questions about whether the attack was carried out by a nation-state or a hacker group.
Fingers were quickly pointed at North Korea as a likely suspect – especially given its protests last week that South Korea and the US were behind a two-day temporary shutdown of its Internet. Longstanding reports suggest that the North is training cadres of elite hackers.
Senior South Korean government officials withheld judgment while the matter is being investigated. But cybersecurity experts said the attacks, which occurred at around 2 p.m. local time, were synchronized and appear to have been the result of malicious software – a crude cyberweapon planted inside the computer networks of the banks and TV stations.
The malicious software was a “wiper” program that deletes computer files en masse – the type of cyberweapon used to attack Saudi Aramco in August 2012, damaging or wrecking 30,000 work stations in the giant oil company’s network.
To plant that kind of cyberweapon in multiple South Korean networks, the attackers had to have been inside the networks for some period. That differentiates these attacks from the attacks now going on against US banks, which flood websites with data and make web services freeze up.
Page 1 of 4