South Korea: Pyongyang behind code used in banking cyberattacks

South Korean investigators said malicious code used in cyberattacks on banks, media outlets and a nuclear power operator officially tie those hacking attempts to North Korea.

The code compromised an estimated 48,000 computers in 2013 by deleting content on their hard disks. It temporarily paralyzed banking activity by some customers, stoking fears about a possible shutdown of the country’s financial system. 

ADVERTISEMENT

South Korea, which has dubbed the attack “Dark Seoul,” experienced a less sophisticated phishing attack on its nuclear power operator later in the year. Current and former employees were targeted by emails with dangerous attachments that could compromise their computers with one false click.

Officials in South Korea shared the malicious code with CNN and said there is little doubt that Pyongyang was responsible for creating it.

“The malicious codes used in the attack were same in composition and working methods as 'Kimsuky' codes known to be used by North Korea,” the prosecutor’s office said in a statement, according to CNN.

Investigators previously said they traced the IP addresses used during the cyberattacks to Shenyang, China, only a few hours drive from the North Korean border.

North Korea denies allegations that it engages in cyberwarfare.