On Wednesday, many South Korean enterprises, particularly banks and media companies, were hit with cyberattacks. The malware used by the hackers erases all data from hard drives. Early investigations reveal the attacks originated at an IP address in China, and some believe North Korea may be to blame.
Shaun Waterman with The Washington Times reported, “Hackers hit South Korea’s top banks and TV broadcasters Wednesday in a sophisticated online attack that crashed computer networks, knocked bank websites offline and shut down ATMs for several hours — prompting widespread speculation that North Korea had launched a cyberattack. Although ATMs were back online within a few hours and none of the broadcasters was knocked off the air, the attack highlights the vulnerability of computer networks — and the ability of attackers to strike anonymously and without warning.”
Robert Lemos with eWeek added, “A destructive piece of malware, similar in function to the program used to delete data on tens of thousands of computers at a Middle Eastern oil conglomerate, caused widespread outages March 19 at major businesses in South Korea, IT security firms confirmed on March 20. The malware, dubbed ‘Jokra’ by security firm Symantec, wipes all data from any hard drive connected to an infected computer—a tactic similar to the August 2012 attacks on oil giant Saudi Aramco that was reportedly carried out by Iran and referred to by U.S. Defense Secretary Leon Panetta as ‘the most destructive attack that the private sector has seen to date.’”
The Associated Press observed, “A Chinese Internet address was the source of a cyberattack on one of the South Korean companies hit in a massive computer shutdown that affected five other banks or media companies, initial findings indicated Thursday. It’s too early to assign blame — Internet addresses can easily be manipulated and disguised — but suspicion for Wednesday’s shutdown quickly fell on North Korea, which has threatened Seoul with attack in recent days because of anger over U.N. sanctions imposed for its Feb. 12 nuclear test. Experts say hackers often attack via computers in other countries to hide their identities. South Korea has previously accused North Korean hackers of using Chinese addresses to attack.”
Another high-profile hack attack that occurred on the same day caused much less damage. BBC News reported, “The BBC Weather Twitter account has been hijacked by a group calling itself Syrian Electronic Army. A series of tweets about fake weather conditions in Middle Eastern countries began appearing on Thursday afternoon.” Those fake tweets included, “Saudi weather station down due to head-on collision with camel,” and “Chaotic weather forecast for Lebanon as the government decides to distance itself from the Milky Way.”