Fresh Cyber-Attacks Strike South Korea

A new series of cyber-attacks targeting Websites in South Korea was launched today, disrupting both commercial and government sites. The DDOS attacks continue a campaign that began targeting sites in the United States over the July 4 weekend.

Another round of cyber-attacks hit South Korean Websites Thursday as the spate of denial-of-service attacks continued.

The latest attacks affected service on both government and commercial Websites in South Korea. According to the Associated Press, an official from the state-run Korea Communications Commission said that the impact of the attacks is relatively minor, and all but one of the sites was fully functional within two hours.

According to security researchers, the attacks are the work of malware that infected users and routed traffic to government and commercial sites starting during the July 4 weekend. On July 5, the list of sites to be attacked included five U.S. government sites. On July 6, the list was expanded to include 21 sites, including some in the private sector. The list was updated again on July 7 to feature 26 sites.

The list of the U.S. sites hit in the initial round of attacks over the weekend and into early this week included the U.S. Department of Treasury, the Secret Service, the Federal Trade Commission and several others. The attack hit South Korean sites July 7, and since has reportedly impacted sites belonging to entities such as the Ministry of National Defense and South Korean newspaper Chosun IIbo.

Speculation on who is responsible for the attack has centered on North Korea, as South Korea's National Intelligence Service told South Korean lawmakers July 7 that North Korea or its sympathizers were behind the attack. However, Joe Stewart, director of malware research at SecureWorks' Counter Threat Unit, told eWEEK yesterday he found no definitive evidence of involvement by North Korea in an analysis of the attack code.

Some security pros suggested the DDOS (distributed-denial-of-service) attacks may be simply about causing a nuisance, as there is no evidence data was stolen or there was any type of security breach.

"In this case, it might well be the North Koreans, and that's certainly the sexiest way to think of it, but it might also be a bunch of college kids that are [upset] at the South Korean and U.S. governments," said Roger Thompson, chief research officer of AVG Technologies. "Chances are there are still a few of those around... Far more dangerous scenarios are the subtle attacks, the ones you don't know about."