ROK Drop

By GI Korea on March 21st, 2013 at 4:24 am

Did the Iranians Assist North Korea with Their Cyberattack?


Considering the similarities between the alleged Iranian cyberattacks on various US banks and businesses I would not be surprised if they assisted the North Koreans on their latest cyberattack on South Korea:

Cyberattacks on three South Korean TV stations and two banks disrupted computer networks and halted ATM services temporarily on Wednesday, sending a tremor through that nation’s heavily Internet-dependent economy and raising questions about whether the attack was carried out by a nation-state or a hacker group.

Fingers were quickly pointed at North Korea as a likely suspect – especially given its protests last week that South Korea and the US were behind a two-day temporary shutdown of its Internet. Longstanding reports suggest that the North is training cadres of elite hackers.

Senior South Korean government officials withheld judgment while the matter is being investigated. But cybersecurity experts said the attacks, which occurred at around 2 p.m. local time, were synchronized and appear to have been the result of malicious software – a crude cyberweapon planted inside the computer networks of the banks and TV stations.

The malicious software was a “wiper” program that deletes computer files en masse – the type of cyberweapon used to attack Saudi Aramco in August 2012, damaging or wrecking 30,000 work stations in the giant oil company’s network.

To plant that kind of cyberweapon in multiple South Korean networks, the attackers had to have been inside the networks for some period. That differentiates these attacks from the attacks now going on against US banks, which flood websites with data and make web services freeze up.

Adding confusion, some South Korean computers were reported to have shown the image of a skull and a graphic claiming the attack was conducted by a group called the “Whois Team.” But that display may say little about who was behind the attack, cybersecurity experts say. More revealing is the apparent goal. [Christian Science Monitor]

You can read the rest at the link, but I would not be surprised if the North Koreans used some of their Chinboista allies in South Korea to launch the attacks in order to better cover their tracks.

  • 2ID Doc
    4:49 am on March 21st, 2013 1

    I wonder if this was a border skirmish…a better attack after some live practice to take down a portion (banks & information networks) or most of the ROK’s Internet infrastructure along with an actual invasion would throw the entire peninsula into chaos. ROK Army too busy trying to figure out why they can’t post to FB to notice the DPRK tank column rolling by…

  • Obama's Speech Coach
    4:52 am on March 21st, 2013 2

    All I can say is what I tell my clients:

    1. Move your business computers to Linux.
    2. Don’t allow non-business web-surfing from business PCs.
    3. Choose “pass phrases” of greater than 15 characters in length.
    4. Don’t share your business network with personal PCs or handhelds.
    5. Publish a “Safe Surfing” policy.
    6. Publish a corporate Security Policy.
    7. Fire violators.

  • Conway Eastwood
    5:58 am on March 21st, 2013 3

    Norks? I thought it was traced to China? At least, that’s what I heard on NHK.

  • Harikas
    6:05 am on March 21st, 2013 4

    So yeah, you’re safe if you do not use Windows…yeah.

  • Glans
    6:50 am on March 21st, 2013 5

    Coach’s points 2 through 7 are valid.

    I doubt Iran was directly involved. They would probably have hacked the US or Israel — that would be retaliation for Stuxnet. But it is possible Iran and North Korea work together on malware, and then each chooses its own targets.

  • Onezime
    7:44 am on March 21st, 2013 6


    North Korean tanks aren’t well maintained enough to make it across the DMZ. Heck, some were designed during WW2.

  • Conway Eastwood
    8:22 am on March 21st, 2013 7


    True that. They still use downgraded T-55s, which even an M60 Patton could easily take out. Not that that even matters, as the ROKs use the K1/K2, which is similar to the M1 Abrams, a 3rd generation MBT, compared to the T-55, which is a 1st generation tank.

  • Denny
    9:31 am on March 21st, 2013 8

    Iran has economic ties with Japan and South Korea, so I doubt Iran will help North Korea target them.

  • Denny
    9:32 am on March 21st, 2013 9

    ‘Iran-Japan trade to hit $17 billion’

  • JoeC
    1:58 pm on March 21st, 2013 10

    Considering the similarities between the alleged Iranian cyberattacks on various US banks and businesses I would not be surprised if they assisted the North Koreans on their latest cyberattack on South Korea:

    I don’t recall any major Iranian cyber attacks on the US. Fingers were pointed at the Iranians for serious cyber attacks against Saudi Arabia, but some of the tools and techniques in that attack seem to have been modeled on the Stuxnet attack earlier used against Iran suspected to be from some ‘western government agencies.’ Anyway, it is believed that North Korea already had a highly rated institutionalized cyber warfare capability much more advanced than what Iran might have been known for.

    While the obvious initial response would be to point fingers at North Korea, it may turn out not to have been done by them … directly. There are now clues that the attack was launched from China and used some Chinese code. That doesn’t exonerate North Korea and may be part of a mis-direction and deception, but it just means more needs to be learned to say for sure.

    The thing that doesn’t fit with the North Korean state sponsored attack is the skulls messages reported to have popped up on some screens. That seems out of place with what you would expect from an institution directed stealth attack. That is the sort of thing you get from juvenile subversive anarchist groups like Anonymous and LulzSec. There is some evidence that such groups operate in China and the government there allows them some free rein, especially when they go on a tear to defend Chinese nationalist interests such as they seemed to have done several years ago in attacking foreign governments and media critics of China’s Tibet suppression.

    However, I would find it hard to believe that North Korea would allow such undisciplined radical groups to operate among them.

    Again, it could all be part of the deception and mis-direction. Or, it may even be an unintended side-effect of North Korean agents in China acquiring malicious code tools from some of those groups that still had those gimmicks embedded.

  • JoeC
    3:24 pm on March 21st, 2013 11


    P.S. Some further reading that goes into explaining why claims of state sponsored hacking may not always be very clear cut.

    But while Patriot Hacking may be allowed and maybe encouraged in China, I don’t see that happening in North Korea.

  • Flyingsword
    4:43 pm on March 21st, 2013 12

    nK actually have T-62 and other higher models. Also, continue to upgrade the tanks they do have….

  • Glans
    9:47 am on March 22nd, 2013 13

    Oops. That IP address wasn’t in China, it was right there inside Nonghyup Bank. Read the big story.

