SEOUL – The suspected cyberattack that struck South Korean banks and media companies this week didn’t originate from a Chinese IP address, South Korean officials said today, contradicting their previous claim.
The Korea Communications Commission, a South Korean regulator, said that after “detailed analysis,” the IP address that was thought to be from China was determined to be an internal IP address from one of the banks that was infected by the malicious code.
It said, though, that “the government has confirmed that the attack was from a foreign land.”
The attack Wednesday damaged 32,000 computers and servers at media and financial companies, South Korea’s Communications Commission said.
It infected banks’ and broadcasters’ computer networks with a malicious program, or malware, that slowed or shut down systems, officials and the semiofficial Yonhap News Agency said.
The military stepped up its cyberdefense efforts in response to the widespread outages, which hit nine companies, Yonhap reported, citing the National Police Agency.
Government computer networks did not seem to be affected, Yonhap cited the National Computing and Information Agency as saying. A joint team from government, the military and private industry was responding.
How the hackers got in and spread the malicious code remains under investigation, and analysts are examining the malware, a South Korean official close to the investigation said. (CNN)