A huge cyberattack on South Korean banks, broadcasters and others, believed to be one of the most serious in the country’s history, has left investigators hunting for evidence of North Korean involvement as infrastructure struggled back online. Systems at multiple banks and two insurance companies were either forced offline or severely impacted in the attack, which began at roughly 2pm local time; three TV stations were also targeted and suffered downtime. However, despite strong suspicions at North Korean involvement, spokespersons from South Korean agencies insist it’s too early to lay the blame at their insular northern neighbours.
“We’re looking into the cause of the shutdown,” a spokesperson for South Korea’s president told the WSJ, “but we can’t say North Korea is behind it.” The country’s communications agency described the attacks as the result of “malicious code” though held off suggesting potential culprits.
Some reports have suggested that skulls were seen on the impacted systems, though that has not been corroborated as yet. Television networks KBS, MBC, and YTN all confirmed problems to the National Police Agency, Korea’s Yonhap News reports, in addition to Shinhan Bank and Nonghyup Bank.
However, there was either no attack or no impact of an attempted attack on any South Korean government sites, nor military services. It’s possible the targets were selected because they were considered more vulnerable than their government counterparts.
There are suggestions that the attack may have been connected to recent North Korean allegations that South Korea and the US had themselves been hacking systems, the New York Times reports, targeting North Korean websites as part of joint military exercises this month. On Friday last week, a North Korean spokesperson said that the country would “never remain a passive onlooker to the enemies’ cyberattacks that have reached a very grave phase as part of their moves to stifle it.”
Technicians quickly worked to bring the systems back online, discovering a virus that had prevented computers from booting. A longer-term investigation into the root cause and origins of the attack is still underway. “We cannot rule out the possibility of North Korean involvement,” a South Korean defense department spokesperson said, “but we don’t want to jump to a conclusion.”