South Korea traces cyberattack to Chinese IP address

The Korean Communications Commission said on Thursday that South Korea has traced a recent cyberattack that paralyzed 30,000 computers at major South Korean banks and news broadcasting companies to a Chinese IP address.

Authorities originally suspected the threat came from North Korea, which has threatened before to launch a nuclear attack on the U.S. and South Korea. Some analysts suspect that North Korean hackers may be developing their skills and operating in China, though Adam Segal, a senior fellow at the Council on Foreign Relations, said that there has never been any real evidence to support that theory, according to The New York Times.

The attacks were launched using a malware program called “DarkSeoul,” which was first identified about one year ago. The program is designed to evade detection by some of South Korea’s most popular antivirus programs.

Attackers involved in the strike did not make an attempt to disguise the malware, leading some to question whether it came from a state entity at all, or whether North Korean hackers and officials were deliberately making a show of force against their southern neighbor.

The Wednesday cyberattacks came just after statements by North Korea that South Korea and the U.S. had launched attacks on several of its systems, saying that the nation “will never remain a passive onlooker to the enemies’ cyberattacks that have reached a very grave phase as part of their moves to stifle it,” The New York Times reports.

The South Korean government, however, has yet to clearly determine who orchestrated the cyberattack.

“We cannot rule out the possibility of North Korean involvement, but we don’t want to jump to a conclusion,” Kim Min-seok, a spokesman for the South Korean Defense Ministry, said, according to The New York Times.

Similar attacks occurred in 2009, striking U.S. and South Korean websites, as well as the nation’s presidential palace and Defense Ministry, though the attacks were “distributed denial of service” attacks in which sites are flooded with traffic until they are forced offline. While many experts suspected North Korea as the attacker, a clear determination was never made.