South Korea Cyberattack Traced to China IP Address
But that doesn't mean North Korea is off the hook
By Mark Russell, Newser Staff
Posted Mar 21, 2013 4:00 AM CDT
Customers use the automated teller machine at a branch of Shinhan Bank in Seoul, South Korea, earlier today.   (AP Photo/Lee Jin-man)

(Newser) – No one knows who launched yesterday's cyberattack in South Korea that crippled 32,000 computers at three TV broadcasters and three banks, but the attack has been traced to a Chinese IP address. That doesn't mean North Korea is in the clear, however; on the contrary, the North has been known to route its attacks through such addresses, and the revelation has only "strengthened speculation" that North Korea was at the wheel, reports the BBC.

The malware used in this attack is called "DarkSeoul" and was first identified a year ago, reports the New York Times. State-sponsored cyberattacks tend to be stealthy, but this malware was not disguised, leading some to question whether North Korean hackers were behind it—or whether the North wanted to send a clear message. "This could be the start of a full-fledged cyber war," one intelligence official tells the Chosun Ilbo, warning that the South's nuclear power plants and railways could be future targets. Meanwhile, the AP reports that as of today, only one of the six companies targeted is back online; the other five may not all be up and running until next week.

View 1 more image