The South Korean government is pointing a finger toward Pyongyang in its assessment of last month's cyber-attacks on banks and media companies that affected thousands of computers and took electronic banking sites and ATM networks offline.
A report by South Korea's Ministry of Science, Information and Computer Technology, and Future Planning found evidence that the attack was carried out by North Korea's military intelligence, otherwise known as its "general reconnaissance bureau." The March 20 attack—which spread "wiper" malware that deleted the master boot record of PCs and attempted to delete volumes from Unix and Linux servers they were connected to—"resembled North Korea's past hacking patterns," a ministry spokesperson said in a Wednesday press briefing.
The attack targeted private citizens' computers as well as the website of an anti-North Korean organization and South Korean broadcaster YTN. Forensic evidence from the attack pointed directly to North Korean involvement. Six computers located at North Korean IP addresses were involved in the spreading of the malware used in the attacks, either directly or through proxies in China. Based on 76 malware samples collected by the investigation, the attack was planned at least eight months ago, when the code was spread to victims' PCs. This was largely accomplished through e-mail attachments disguised as bank account statements.