South Korea Claims North Behind Cyber Attacks On Government Websites

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Denial of service hits that coincided with the anniversary of the Korean War blamed on the North

South Korea has claimed it has fresh evidence indicating North Korea was responsible for cyber attacks on government-owned websites.

Officials claimed there were signs of North Korean involvement in denial of service attacks on sites including the presidential office, the office for Government Policy Coordination and the ruling New Frontier Party. The hits coincided with the 63rd anniversary of the Korean War on 25 June

South Korea - Shutterstock - © Aleksandar MijatovicThey said the techniques were similar to those seen in previous cyber attacks allegedly carried out by North Korea.

Korean cyber attacks

“An IP address within North Korea’s bandwidth was found,” said Chun Kilsoo, an official at the state-run Korea Internet and Security Agency, according to Reuters.

Jason Steer, EMEA product manager at security firm FireEye, told TechWeekEurope it was likely South Korea had got its attribution right.

“It’s certainly a risk but one assumes that South Korea have sufficient confidence to attribute the attack to  their closest threat actor, North Korea,” he added.

“One would assume that they have some very skilled forensic investigators to be able to reverse engineer code used in the attack and figure out who, why, when, etc.”

In April, South Korean officials said its neighbour was to blame for malware attacks that hit banks and major TV stations. It was claimed a military spy agency, the Reconnaissance General Bureau, was behind the hits.

McAfee recently reported that those behind the April attacks had been targeting South Korean military bodies since 2009 and had successfully penetrated certain official networks.

The security giant said a group called  the New Romantic Cyber Army committed the attacks as part of Operation Troy, named because of references to the ancient city found in the attack code.

What do you know about Internet security? Find out with our quiz!