Massive spam emails sent to South Korean public organizations were traced to an internet network in northeast China that officials said was behind a cyberattack on South Korea’s nuclear power operator.
Kang Sin-myeong, the National Police Agency Commissioner-General, said the Internet Protocol address used to send the spam emails is registered in the northeastern province of Liaoning that borders North Korea.
The IP address — the online equivalent of a street address or phone number — exactly corresponds to one on the same network used in the cyberattack against the Korea Hydro and Nuclear Power Co. in 2014, said Kang.
His comments bolstered suspicion that North Korea may have sent what he described as “two-track smishing mails” by disguising them as being sent by either South Korea’s presidential office or the foreign ministry, in relation to North Korea’s recent nuclear test.
A two-track smishing mail refers to a method in which hackers hide malware in second emails that are sent after the intended recipients respond to the first, which are not compromised.
Kang said there seems to be little or no damage incurred by the suspected hacking attempt as the emails did not contain malware.
When asked if he believes North Korea was behind the latest attempt, Kang told reporters that it is “not at a stage to say clearly yet,” other than the IP address corresponds to the one on the same network behind the cyberattack on the nuclear power operator.
North Korea has a track record of waging cyberattacks on South Korea and the United States in recent years, though it has flatly denied any involvement.
The latest hacking attempt came amid heightened tensions on the Korean Peninsula after North Korea claimed earlier this month that it successfully carried out its first hydrogen bomb test.
In response, South Korea is working with the U.S. and other regional powers to punish the communist country for its nuclear test. (Yonhap)