A cyber attack on South Korean banks and broadcasters Wednesday was traced back to an Internet address located in China, South Korean officials said Thursday.
The telecoms regulator said hackers used a Chinese IP address to plant malicious code, leading to network outages that hit three broadcasters, KBS, MBC and YTN, and three banks, Shinhan, Nonghyup and Jeju, on Wednesday around 2 p.m. local time (5 a.m. GMT).
"Unidentified hackers used a Chinese IP address to contact servers of the six affected organizations and plant the malware which attacked their computers," Park Jae-moon of South Korea's communications regulator was quoted as saying by the BBC.
"At this stage, we're still making our best efforts to trace the origin of attacks, keeping all kinds of possibilities open," he said.
Though the identity of those behind the attack is yet to be established, the finding has strengthened early suspicions of North Korea’s hand in the incident as Seoul’s intelligence experts believe North Korea routinely uses Chinese IP addresses to mask its attacks.
"[The government] is closely analyzing the incident with all possibilities open, while bearing a strong suspicion that North Korea conducted the attack," an unnamed high-ranking official of the presidential office Cheong Wa Dae, or the Blue House, told Seoul’s Yonhap news agency.
Korea's Communications Commission (KCC) said that the attacks on all six organizations appear to have originated from a single entity.
Analysts are examining the malware to figure out how the hackers got in and spread the code.
The broadcasters and financial firms said their computer networks and services were back on track by early Thursday.
"But we are still working to recover around 5,000 personal computers that came under the attack, and our Web site is still inaccessible," an official of the largest public broadcaster KBS was quoted as saying by Yonhap.
About 32,000 computers were affected by the incident, and some services at Shinhan bank, including Internet banking and ATM machines, were disrupted.
The attack came amid Pyongyang’s increasingly belligerent rhetoric against South Korea and the U.S. and days after it accused the two nations of cyber attacks on its Internet servers.
Last year, North Korea was accused of launching cyber attacks on South Korean organizations, including government websites and media outlets. Pyongyang was the alleged perpetrator behind the hacking of Nonghyup computer networks, several other businesses and the email accounts of Korea University in 2011.