Hacking
#OpNorthKorea brings more attacks on DPRK websites
Mar 30th
A new round of attacks against North Korean websites began Saturday, causing several to become unavailable.
The attacks appear to be part of a loosely coordinated effort by hackers to target North Korean sites after the country’s state-run media said relations with South Korea were “at a state of war.”
As of 3pm Korean time (0600 UTC) on Saturday, attempts to contact the Naenara, Korean Central News Agency, Air Koryo and Voice of Korea all failed.
The sites were hit with an apparent DDoS (distributed denial of service) attack in which the web servers are flooded with so much junk traffic from hackers More >
South Korean sites hit by cyber attacks
Mar 27th
Several South Korean websites that specialize in reporting on North Korean issues were hit by cyber attackers on Tuesday, they said late the same day.
Daily NK and Free North Korea Radio both confirmed the attacks in articles posted on their sites. They were said to begin at 2pm local time (0500 UTC) and resulted in the sites being unavailable for some time.
“The attack was aimed at databases and was designed to blow away the entire system. Based on this, we can say that their target was clearly pre-ordained and the aim was to completely incapacitate it,” the Daily NK said More >
More IPs found in hacking probe, but they might mean nothing
Mar 26th
Investigators looking into last week’s cyber attack on South Korean banks and broadcasters have reportedly found more IP (Internet Protocol) addresses linked to the attacks, but one security expert I spoke to said that might mean nothing.
The National Police Agency said it has traced some of the malicious code to addresses in the United States and three European countries, according to Yonhap. No further details were released by the NPA.
The news comes after investigators last week publicly announced a Chinese address as linked to the attack, but then withdrew the accusation a day later. It turned out the address was correct and, when More >
More information on the South Korean cyber attack
Mar 24th
The mysterious cyber attack that hit an estimated 32,000 computers at South Korean TV stations and banks last week is looking more interesting, based on the latest analysis from computer security companies.
The first immediate analysis concluded that the malicious software was pretty unsophisticated, in part because it was based on a piece of malware that has been known for a year or so and because the commands in the code were not hidden.
That still seems to be true, but more data about the malware is coming out as researchers spend more time with it.
Fortinet on Friday said there were two different More >
Malware that hit South Korea wasn’t so sophisticated
Mar 21st
A cyber attack on three of South Korea’s major broadcasters and several of its major banks appears to have been caused by a relatively unsophisticated piece of software, security researchers said Wednesday. [Story updated, see below]
The attacks, which began at around 2pm local time on Wednesday (5:00 UTC) left desktop and laptop computers unable to start at KBS, MBC and YTN and took the auto-teller machines at Shinhan Bank and Nonghyup Bank offline. It didn’t affect the ability of the TV stations to put out programming.
The root of the attack was a malicious piece of software identified by computer security company Sophos More >
South Korea hit by coordinated cyber attack
Mar 20th
An apparently sophisticated and coordinated cyber attack has caused widespread disruption to computer networks and three of South Koreas largest broadcasters and two of the country’s banks.
The attack first showed itself at 2pm on Wednesday when computers at KBS, MBC and YTN shutdown. Upon restarting, the computers displayed error messages saying they were unable to boot. Apparently the boot record or entire operating system has been removed from the computers.
KBS broadcast images of computers in its offices showing an error screen and one KBS employee posted a picture of his laptop screen on Twitter (right.)
ATMs and online banking service at Shinhan More >
Root of Internet outage likely within DPRK, says researcher
Mar 19th
Last week’s Internet outage that pushed North Korean websites offline for almost two days was probably caused by a problem inside the country, not on an external connection, an Internet researcher said Monday.
“The impacted equipment was within North Korea,” said Doug Madory, a senior research engineer at Renesys. On Friday, he published a detailed look at the way the outage looked from the network level.
North Korea is connected to the Internet via two links and because the problems were observed on both connections, it stands to reason the problem was on the North Korean side, he said.
Data traffic instability on both More >
DPRK’s Internet outage lasted almost two days
Mar 16th
The Internet disruption that affected North Korea’s Internet link earlier this week lasted almost two days, an Internet monitoring company said Friday.
It began just before 0100 GMT on Wednesday — that’s 10am local time — and continued for much of the next day and a half. It then took several hours for traffic levels and response times to get back to normal, said Internet network monitoring company Renesys.
The country typically relies on a link via China Unicom to connect to the rest of the world and this disappeared from global routing tables when the outage began, said Renesys. Routing tables are constantly More >
KCNA accuses US, allies of cyberattacks
Mar 15th
North Korea’s state-run news agency accused the U.S. and its allies of being behind a series of cyberattacks that have forced its web sites offline for much of the last two days.
“Intensive and persistent virus attacks are being made every day on internet servers operated by the DPRK. These cannot be construed otherwise than despicable and base acts of the hostile forces consternated by the toughest measures taken by the DPRK after launching an all-out action,” the news agency said in a commentary.
The report represents the first recognition by North Korean state media of the cyberattacks.
The handful of web sites More >
Internet problems due to attack, says ITAR TASS
Mar 14th
Russia’s ITAR TASS news agency says problems experienced on Wednesday connecting to North Korean web sites was down to a cyberattack. [Updated, see below]
The report, which is datelined from Pyongyang, is just two sentences long and offers no evidence or details for the assertion. It’s credited to an unnamed and unidentified “informed source.”
“Internet resources of the country have come under a powerful hacker attack from abroad,” the news agency reported.
The lack of information makes it difficult to weigh the claim and the unwillingness of the source to go on-record adds a doubt.
In the past South Korea has quickly blamed North Korea for More >
