Seoul, South Korea – North Korea is to blame for last month’s cyberattacks on the websites of South Korean media companies and the president and prime minister’s offices, a South Korean investigation concluded Tuesday.
South Korea’s ministry of science said it was blaming North Korea based on analysis of codes, Internet addresses and personal computers used to launch the attacks. The attacks occurred June 25, the 63rd anniversary of the beginning of the Korean War.
It is the latest of several cyberattacks in recent years that Seoul blames on North Korea. Pyongyang has denied previous claims and has accused the US and South Korea of a cyberattack in March that shut down its own websites for two days.
The South Korean government-led team of investigators said the online assaults were planned for several months, and the attackers hacked file-sharing websites in South Korea to find security weaknesses.
An investigator told reporters that the attackers tried to steal personal information from the websites targeted in the June 25 cyberattacks, but it was not clear when the attempt took place. Local media reported that the personal information of millions of people was stolen from the presidential office’s website and the ruling party.
Investigators managed to recover data on the hard drives that the attackers destroyed June 25 and found an Internet protocol address that was used by North Korea. They also found that the codes used in the June attacks had the same features as the codes used in the larger March 20 cyberattacks that shut down tens of thousands of computers at South Korean broadcasters and banks.
The attackers in June tried to hide their identities by destroying hard drives and disguising the Internet protocol addresses they used, the ministry said. The attackers also tried to mislead investigators by using the picture of the Anonymous group, the ministry said.
Local media reported in June that the attack was carried out by a global hacking collective called Anonymous. But a South Korean government official told the Associated Press at the time that the attackers could not be confirmed at the moment.
The ministry said the June 25 attacks hit 69 government and private companies’ websites and servers.
Earlier this month, cybersecurity firms said the hackers behind the March attacks also have been trying to steal South Korean and US military secrets with a malicious set of codes they’ve been sending through the Internet for years. They did not specifically blame North Korea.
Researchers at Santa Clara, California-based McAfee Labs said the malware was designed to find and upload information referring to US forces in South Korea, joint exercises or even the word “secret.”
McAfee said versions of the malware have infected many websites in an ongoing attack that it calls Operation Troy because the code is peppered with references to the ancient city. McAfee said that in 2009, malware was implanted into a social media website used by military personnel in South Korea.