A Chinese Internet address was the source of a cyberattack on one of the South Korean companies hit in a massive computer shutdown that affected five other banks or media companies, initial findings indicated Thursday.
It's too early to assign blame — Internet addresses can easily be manipulated and disguised — but suspicion for Wednesday's shutdown quickly fell on North Korea, which has threatened Seoul with attack in recent days because of anger over U.N. sanctions imposed for its Feb. 12 nuclear test.
Experts say hackers often attack via computers in other countries to hide their identities. South Korea has previously accused North Korean hackers of using Chinese addresses to attack.
The crash Wednesday caused computer networks at major banks and top TV broadcasters to crash simultaneously. It paralyzed bank machines across the country and raised fears that this heavily Internet-dependent society was vulnerable.
A Chinese address created the malicious code in the server of one of the banks, Nonghyup, where computers crashed, according to an initial analysis by the state-run Korea Communications Commission, South Korea'stelecom regulator.
It is expected to take at least four to five days for the infected computers to recover fully.
Regulators have distributed vaccine software to government offices, banks, hospitals and other institutions to prevent more outages.