North Korea is to blame for last month’s cyberattacks on the websites of South Korean media companies and the president and prime minister’s offices, a South Korean investigation concluded today.
South Korea’s ministry of science said it was blaming North Korea based on analysis of codes, internet addresses and personal computers used to launch the attacks. The attacks occurred June 25, the 63rd anniversary of the beginning of the Korean War.
It is the latest of several cyberattacks in recent years that Seoul has blamed on North Korea. Pyongyang has denied previous claims and has accused the US and South Korea of a cyberattack in March which shut down its own websites for two days.
The South Korean government-led team of investigators said the online assaults were planned for several months, and the attackers hacked file-sharing websites in South Korea to find security weaknesses.
An investigator told reporters that the attackers tried to steal personal information from the websites targeted in the June 25 cyberattacks, but it was not clear when the attempt took place. Local media reported that the personal information of millions of people was stolen from the presidential office’s website and the ruling party.
Investigators managed to recover data on the hard drives that the attackers destroyed on June 25 and found an internet protocol address which was used by North Korea. They also found that the codes used in the June attacks had the same features as the codes used in the larger cyberattacks on March 20 which shut down tens of thousands of computers at South Korean broadcasters and banks.
The attackers in June tried to hide their identities by destroying hard drives and disguising the internet protocol addresses they used, the ministry said. The attackers also tried to misguide investigators by using the picture of the global hacking collective called Anonymous, the ministry said.
Local media reported in June that the attack was carried out by Anonymous, but a South Korean government official told the Associated Press at the time that that could not be confirmed.
The ministry said the June 25 attacks hit 69 government and private companies’ websites and servers.
Earlier this month, cybersecurity firms said the hackers behind the March attacks also have been trying to steal South Korean and US military secrets with a malicious set of codes they have been sending through the internet for years. They did not specifically blame North Korea.
Researchers at McAfee Labs, based in Santa Clara, California, said the malware was designed to find and upload information referring to US forces in South Korea, joint exercises or even the word “secret”.
McAfee said versions of the malware have infected many websites in an ongoing attack that it calls Operation Troy because the code is peppered with references to the ancient city. McAfee said that, in 2009, malware was implanted into a social media website used by military personnel in South Korea.