Chinese malware in South Korean cyber attack

by Chris Zappone

But it’s not a smoking gun. Not yet, at least.

The fact that there is Chinese malware doesn’t offer anything conclusive about the origin of the attack in South Korea, which hit 32,000 South Korean servers.

The story from Bloomberg quotes Chungnam National University computer engineer professor Ryou Jae Cheol as saying plenty of North Korean hackers operate from China.

It’s no secret that there are North Korea-China military-to-military links. Why wouldn’t Chinese code be used? What are the economics of writing and testing malware? What are the economics of coordinated hacking?

Key quotes: “Discovering that the code was from China makes it more likely that the attack was from North Korea, because a lot of North Korean hackers operate there,” said Ryou Jae Cheol. “Who else would be making this kind of attack at this scale and timing other than North Korea?”

“It’s highly probable that North Korea used Chinese IPs for the attacks,” said Lim Jong In, dean of Korea University’s Graduate School of Information Security. “These are sentimental attacks, aimed at spreading confusion to the whole society by paralyzing media and financial institutions. But it will take some time to exactly track who’s behind this as China is unlikely to actively cooperate.”

So it’s not clear if China had an active role or was largely passive, just allowing its servers to be used in the attack. I would assume that, based on numbers, much malware authored in Asia is Chinese anyway, just like any manufactured good.