The malicious codes that crippled networks of broadcasters and banks in Korea on Wednesday originated from a local bank computer, the nation’s communications regulator said on Friday.
Government investigators previously said the cyber attack used an Internet protocol address based in China, suspecting that North Korea might be behind the attack.
|Researchers at the Cyber Terror Response Center analyze Wednesday’s cyber attacks on Thursday. (Yonhap News)|
The malware could have spread from an internal private IP of Nonghyup, the Korea Communications Commission said after looking into the network system of the agriculture bank.
It added that it is looking into every possibility as to the origins of the virus that infiltrated media and banking systems in the form of a Trojan horse.
The team noted that the malware may have come from a single source.
This latest finding is completely opposite to its earlier announcement that raised the suspicion of North Korea orchestrating the cyber attack on some 32,000 personal computers and servers at the major television broadcasters and banks.
The incident prompted the financial regulators to boost its alert status on the financial industry to “caution” as soon as Shinhan Bank and Nonghyup saw its networks crash and became unavailable to provide services to customers on Wednesday.
The Defense Ministry also increased its five-stage cyber alert level to INFOCON 3 to counter additional possible threats from North Korea, while local companies are being urged to check and safeguard their servers.
The team has not yet detected the origin of the malware, which it had noted is similar to past denial-of-service viruses allegedly planted by North Korea.
By Park Hyong-ki