Computer networks at KBS, MBC and YTN television broadcasters and the Shinhan and Nonghyup banks were “partially or entirely crippled” during a simultaneous cyber attack at 2:00 p.m. local time on Wednesday, said the Korea Internet Security Agency.
Screens turned blank as skulls started popping up on the monitors of some computers, indicating that hackers planted a malicious code, the agency added.
Some computers came back online hours later, only after having caused major disruptions in banking and public services across the nation whose citizens rely on a largely cashless system.
Pyongyang recently accused the United States and South Korea of carrying out cyber attacks against North Korean Internet servers on a daily basis.
Tension has gripped relations between North Korea and South Korea along with its allies.
On March 11, South Korea and the United States launched a week-long annual joint military exercise near the Korean Peninsula despite warnings from North Korea, which condemned the maneuvers as a launch pad for a “nuclear war.” Pyongyang cut off its communication hotline with Seoul as the drills kicked off.
The suspected cyberattack that appeared to target South Korean banks and broadcasters Wednesday originated from an IP address in China, South Korea’s Communications Committee said in a statement Thursday.
The attack damaged 32,000 computers and servers of media and financial companies, the committee said.
South Korean officials are analyzing the cause and are working to prevent any further damage, the committee said.
The attack infected banks’ and broadcasters’ computer networks with a malicious program that slowed or shut systems down, officials and the semiofficial Yonhap News Agency said.
Suspicion immediately fell on North Korea, which has recently renewed threats to go to war with the South amid rising tensions over Pyongyang’s nuclear weapons and missile testing and international efforts to stop them.
South Korea’s military stepped up its cyberdefense efforts in response to the widespread outages, which hit nine companies, Yonhap reported, citing the National Police Agency.
Government computer networks did not seem to be affected, Yonhap cited the National Computing and Information Agency as saying.
A joint team from government, the military and private industry was responding, a presidential spokeswoman said, according to Yonhap.
A South Korean official close to the investigation told CNN that malicious computer code spread through hacking caused the outages.
How the hackers got in and spread the code remains under investigation, and analysts are examining the malware, the official said.
Wednesday’s attack is consistent with what North Korea has done in the past, said Adam Segal, a cybersecurity expert with the Council on Foreign Relations.
“It’s happened before in similar circumstances where there have been tensions on the peninsula,” Segal said.
South Korea has accused the North of similar hacking attacks before, including incidents in 2010 and 2012 that also targeted banks and media organizations.
The outages come amid heightened tensions on the Korean Peninsula, with the North angrily responding to a recent U.N. Security Council vote to impose tougher sanctions on Pyongyang after the country’s latest nuclear test last month.
Last week, North Korea invalidated its 60-year-old armistice with the South. It has threatened to attack its neighbor with nuclear weapons and has also threatened the United States.
The armistice agreement, signed in 1953, ended the three-year war between North and South but left the two nations technically in a state of war.
The saber-rattling prompted the United States to deploy B-52 bombers to conduct high-profile flyovers of its South Korean ally and announce that it would deploy new ground-based missile interceptors on its West Coast against the remote possibility that North Korea could strike the United States with long-range weapons.
Last week, North Korea complained that it was the victim of “intensive and persistent virus attacks” from the United States and South Korea, according to KCNA, the official North Korean news agency.
Yonhap said Wednesday’s outages affected three broadcasters, four banks and two insurance companies.
The three broadcasters — KBS, MBC and YTN — reported varying levels of trouble containing the virus. While the networks remained on the air, cable network YTN said editing equipment had been affected and it expected to experience broadcasting problems, Yonhap reported.
Computer networks stopped working entirely at three banks — Shinhan, Nonghyup and Jeju — around 2 p.m. Wednesday, Yonhap reported, citing the National Police Agency. Another financial institution, Woori Bank in Seoul, reported it was able to fend off a hacking attack about the same time.
The banks that were affected reported problems with a variety of systems, including Internet banking, ATMs and telecommunication services, and some branches stayed open late because of the slowdown, Yonhap said.