
South Korean cyberattack may not have come from China

The IP address traced to the source of the attack was a virtual one used by a South Korean bank and by coincidence matched an address registered in China.

Lance Whitney Contributing Writer

South Korea apparently still has a mystery on its hands. Who launched a cyberattack against several of its banks and broadcasters this week?

Regulators for the country initially pointed the finger at China, saying that the attacks originated from a Chinese IP address. But they admitted today that they jumped the gun.

The IP address used in the attack was actually traced to one of the banks hit on Wednesday. South Korea's NongHyup Bank had been using the address as a virtual one for its internal network, according to Reuters. By coincidence, that address matched one registered in China.

Blaming China for the attack may have been a knee-jerk reaction but not one without cause. China has used North Korean hackers to stage attacks in the past, Reuters said. North Korea has been accused several times of launching cyberattacks against South Korean newspapers, banks, and government sites.

Tensions have recently been rising between the two Koreas. The United States and China have also engaged in their own war of words over reports of cyberattacks against each other.

Regulators in South Korea still believe the attack came from overseas and will continue to try to find the source. The cyberattacks took down computers at three broadcasters and two banks. LG U+, which provides Internet access to some of the companies targeted, said it believes its network was hacked, Reuters reported yesterday.

The malware used in the attack has been dubbed "DarkSeoul" by researchers at security vendor Sophos. Analyzing the malicious code, Sophos didn't find it especially sophisticated and said its own products have been able to detect it for the past year.

"For this reason, it's hard to jump to the immediate conclusion that this was necessarily evidence of a 'cyberwarfare' attack coming from North Korea," Sophos added.