South Korea cyberattack came from within, not China


South Korean police investigate possible cyberattack after four TV networks and large bank suffer server outages.


Megan Morris

China may not actually be the culprit behind a series of sweeping cyberattacks that hit South Korea this week, investigators announced on Friday.

The IP address used in the incident was thought to have originated in China, the regulatory Korea Communications Commission told Agence France-Presse, but in fact appears to have been an internal IP address at one of the affected banks.

Read more from GlobalPost: North Korea suspected of launching cyberattack that shuts down South Korean banks, TV stations

"We're still tracking some dubious IP addresses which are suspected of being based abroad," said Korea Internet and Security vice president Lee Jae-Il to AFP.

"Keeping all kinds of possibilities open, we're making efforts to track down the hackers," he added.

The IP address used at the bank appears to have been an accidental match to a Chinese address, noted the Associated Press, which added that investigators still believe the attack originated from abroad.

"We were careless in our efforts to double-check and triple-check," said Korean Communications Commission official Lee Seung-won to media. "We will now make announcements only if our evidence is certain."

South Korea initially accused North Koreans based within China of possibly orchestrating the attacks, which affected banks, television networks, and other infrastructure.

About 32,000 computers were affected and it was suspected it would take up to five days to restore functioning, noted Reuters, although efforts to return things to normal are going well.