Switch to Desktop Site

New clue in South Korea cyberattack reveals link to Chinese criminals

Cybersleuths picking through the digital bread crumbs left behind in Wednesday's massive South Korea cyberattack have found an interesting morsel: Apparently hackers used an 'exploit tool' made in China to infiltrate the computer networks.


Korean Broadcasting System employees in Seoul, South Korea, Thursday try to recover a computer server a day after a cyberattack caused computer networks at the company to crash.


About these ads

The source of the cyberattack that damaged 32,000 computers at several banks and television stations in South Korea Wednesday remains unclear, but the digital traces left behind have led one cybersleuth to suggest that it has clear links to Chinese cybercrime organizations.

Though South Korean investigators initially said they had traced the attack to an Internet address in China, they have since stepped back from that statement. Yet cybersecurity experts looking at file names, Internet domain names, and other digital detritus left behind by the attackers – which has been published on Korean technical blogs – are coming to their own conclusions.

The information posted online has led Jaime Blasco, a cybersecurity researcher in San Mateo, Calif., to suggest that the attackers gained access to the computers though a so-called “exploit kit” apparently designed by cybercriminals in China and often used to target South Korea.

How much do you know about cybersecurity? Take our quiz. How much do you know about cybersecurity? Take our quiz.

The finding doesn’t implicate the Chinese government – or exonerate it. Nor does it provide any clarity on whether North Korea was involved – though some experts say the exploit kit is just the sort of cybercrime tool that North Korea might be inclined to purchase on the black market.


Page 1 of 4