South Korea’s Ministry of Science said on Tuesday it analyzed codes, Internet addresses, and personal computers used in the June 25 attacks that paralyzed the websites of the presidential and prime minister’s offices. The date marked the 63rd anniversary of the Korean War. “An IP address within North Korean’s bandwidth was found, said Chun Kilsoo, an official from Korea Internet and Security Agency, during a media briefing.
Malicious codes and attack techniques were found to be similar to those identified in previous breaches which were traced back to North Korea.
Government officials, however, did not confirm a McAfee report which revealed cyberattacks in March against South Korean banks and news agencies were the result of a four-year spy operation. According to the U.S. security vendor, the covert op, dubbed “Operation Troy”, was aimed at stealing sensitive military and government information and had affected 30,000 computers.
In the June 25 attacks, affected sites showed messages stating: “We Are Anonymous. We Are Legion. We Do Not Forgive. We Do Not Forget. Expect Us.” Reports then had attributed the attacks to Anonymous, but the global hacktivist group denied via Twitter any involvement in the South Korean attacks, according to Reuters.
This is not the first time Seoul has pointed fingers up north. In January, South Korean police blamed the North for a June 2012 cyberattack which brought down operations at a major newspaper, JoongAng Ilbo. North Korea, in response, accused the U.S. for staging cyberattacks targeted at infiltrating Pyongyang’s Internet systems and blamed South Korea for fueling the conflict with its accusations.
In March, Seoul stepped up its cyberspace survelliance in preparation for possible cyberattacks from North Korea amid threats of a nuclear war. It issued its fourth highest level of cyberalert and conducted 24-hour monitoring of the state telecommunications network.
By Eileen Yu