2013 South Korea cyberattack

In 2013 there were two major sets of cyberattacks on South Korean targets attributed to elements within North Korea.


March

On 20 March 2013, three South Korean television stations and a bank suffered from frozen computer terminals in a suspected act of cyberwarfare (Tania Branigan, "South Korea on alert for cyber-attacks after major network goes down: Computer systems of banks and broadcasters are interrupted, with fingers immediately pointed at North Korea", ''The Guardian'', 20 March 2013). ATMs and mobile payments were also affected. The South Korean communications watchdog, the Korea Communications Commission, raised its alert level on cyber-attacks to three on a scale of five. North Korea has been blamed for similar attacks in 2009 and 2011 and was suspected of launching this attack as well. This attack also came at a period of elevated tensions between the two Koreas, following Pyongyang’s nuclear test on 12 February. South Korean officials linked the incident to a Chinese IP address, which increased suspicion of North Korea as "intelligence experts believe that North Korea routinely uses Chinese computer addresses to hide its cyber-attacks."

The attacks on all six organizations derived from one single entity. The networks were attacked by malicious code, rather than by distributed denial-of-service (DDoS) attacks as suspected at the beginning. It appeared to have used only hard drive overwrites. This cyberattack “damaged 32,000 computers and servers of media and financial companies.” The Financial Services Commission of South Korea said that Shinhan Bank reported that its Internet banking servers had been temporarily blocked and that and NongHyup reported that operations at some of their branches had been paralyzed after computers were infected with viruses and their files erased. Woori Bank reported a hacking attack, but said it had suffered no damage. Computer shutdowns also hit companies including the Korean Broadcasting System, Munhwa Broadcasting Corporation, and YTN. This cyberattack “caused US$750 million in economic damage alone” (Feakin 2013). Also, “the frequency of cyber attacks by North Korea and rampant cyber espionage activities attributed to China are of great concern to the South Korean government” (Lewis 2013).


June

The June 25 cyber terror was an information leak on June 25, 2013 that targeted Cheongwadae and other institutions. The hacker that caused this incident admitted that the information of 2.5 million Saenuri Party members, 300 thousand soldiers, 100 thousand Cheongwadae homepage users and 40 thousand United States Forces Korea members. There were apparent hacking attacks on government websites. The incident happened on the 63rd anniversary of the start of the 1950-53 Korean War, which divided the Korean peninsula. Since the Blue House’s website was hacked, the personal information of a total of 220,000 people using the “Cheong Wa Dae” website, including 100,000 ordinary citizens and 20,000 military personnel, was hacked. The website of the office for Government Policy Co-ordination and some media servers were affected as well.

While multiple attacks were organized by multiple perpetrators, one of the distributed denial-of-service (DDoS) attacks against the South Korean government websites was directly linked to the “DarkSeoul” gang and Trojan.Castov. Malware related to the attack is called "DarkSeoul" in the computer world and was first identified in 2012. It has contributed to multiple previous high-profile attacks against South Korea.


Timeline

At approximately 9:10 AM on June 25, 2013, websites including the Cheongwadae website, the websites of main government institutes, and news sites became victims of website defacement, DDoS, information theft and other such attacks. When connecting to the Cheongwadae homepage, words such as 'The great Kim Jong-un governor' and 'All hail the unified chairman Kim Jong-un! Until our demands are met our attacks will continue. Greet us. We are anonymous' would appear with a photo of President Park Geun-hye. The government changed the status of cyber danger to 'noteworthy' at 10:45 AM on June 25, then changed it to 'warning' at 3:40 PM. Cheongwadae uploaded an apology on June 28. The Ministry of Science, ICT and Future Planning revealed on July 16 that both the March and June incidents corresponded with past hacking methods used by North Korea. However, the attacked targets include a Japanese Korean Central News Agency site and major North Korean anti-South websites, and the hackers also announced that they would release information on approximately 20 high-ranked North Korean army officers, along with countless pieces of information on North Korean weaponry.


Response

Following the hacking in June there was further speculation that North Korea was responsible for the attacks. Investigators found that “an IP address used in the attack matched one used in previous hacking attempts by Pyongyang.” Park Jae-moon, a former director-general at the Ministry of Science, ICT and Future Planning, said, “82 malignant codes collected from the damaged devices and internet addresses used for the attack, as well as North Korea's previous hacking patterns," proved that "the hacking methods were the same" as those used in the 20 March cyber attacks. With this incident, the Korean government publicly announced that it would take charge of the “Cyber Terror Response Control Tower” and that, along with different ministries, the National Intelligence Service (NIS) would be responsible for building a comprehensive response system using the “National Cyber Security Measures.” The South Korean government asserted a Pyongyang link in the March cyberattacks, which has been denied by Pyongyang. A 50-year-old South Korean man identified as Mr. Kim is suspected to be involved in the attack.


Appearance in the South Korean National Geographic

The South Korean National Geographic listed cyber terror as one of the top 10 keywords of 2013 due to these attacks (National Geographic Channel, "Top 10 Keywords of 2013", Kyunghyang Shinmun, 12 December 2013).


See also

* Bureau 121
* Lazarus Group

