Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

South Korea Says Cyberattack That Paralyzed Computers Was Traced To Chinese IP

A man walks past the Cyber Terror Response Center at National Police Agency in Seoul, South Korea.
Chung Sung-Jun
/
Getty Images
A man walks past the Cyber Terror Response Center at National Police Agency in Seoul, South Korea.

South Korea has traced a cyberattack that paralyzed more than 30,000 computers on Wednesday to a Chinese Internet protocol address, the Korean Communications Commission said Thursday.

Of course, as soon as the attacks happened, suspicion centered on Pyongyang. North Korea, of late, has been increasingly belligerent, threatening a nuclear attack on the United States and South Korea.

This Chinese IP is a curveball, but The New York Times reports it's still not clear where the attack came from. It explains:

"Many analysts in Seoul suspect that North Korean hackers honed their skills in China and were operating there. At a hacking conference here last year, Michael Sutton, the head of threat research at Zscaler, a security company, said a handful of hackers from China 'were clearly very skilled, knowledgeable and were in touch with their counterparts and familiar with the scene in North Korea.'

"But there has never been any evidence to back up some analysts' speculation that they were collaborating with their Chinese counterparts. 'I've never seen any real evidence that points to any exchanges between China and North Korea,' said Adam Segal, a senior fellow who specializes in China and cyberconflict at the Council on Foreign Relations."

As Scott reported, yesterday, the attack crashed the computer networks of South Korea's three main broadcasters and major banks.

The AP reports that this kind of attack does not look like any of the previous attacks launched by China. Chinese hackers are interested in collecting intelligence and intellectual property, the AP reports. They're not usually interested in causing disruptions to commerce.

The Los Angeles Times reports that Pyongyang did not comment on the cyberattack, but issued a fresh set of warnings.

"The U.S. should not forget that the Andersen base on Guam where B-52s take off and naval bases on the Japan mainland and Okinawa where nuclear-powered submarines are launched, are all within the range of our precision target assets," the Times quotes a "North Korean army spokesman" as saying.

Copyright 2021 NPR. To see more, visit https://www.npr.org.

Eyder Peralta is NPR's East Africa correspondent based in Nairobi, Kenya.