2013 South Korea cyberattack


On 20 March 2013, three South Korean television stations and a bank suffered from frozen computer terminals in a suspected act of cyberwarfare. ATMs and mobile payments were also affected. The South Korean communications watchdog, the Korea Communications Commission, raised its alert level on cyber-attacks to three on a scale of five. North Korea has been blamed for similar attacks in 2009 and 2011 and was suspected of launching this attack as well. The attack also came during a period of elevated tensions between the two Koreas, following Pyongyang’s nuclear test on 12 February. South Korean officials linked the incident to a Chinese IP address, which increased suspicion of North Korea, as "[i]ntelligence experts believe that North Korea routinely uses Chinese computer addresses to hide its cyber-attacks."
The attacks on all six organizations originated from a single entity. The networks were attacked with malicious code, rather than with distributed denial-of-service attacks as suspected at the beginning. The malicious code appeared to have used only hard drive overwrites. This cyberattack “damaged 32,000 computers and servers of media and financial companies.” The Financial Services Commission of South Korea said that Shinhan Bank reported that its Internet banking servers had been temporarily blocked and that NongHyup reported that operations at some of its branches had been paralyzed after computers were infected with viruses and their files erased. Woori Bank reported a hacking attack, but said it had suffered no damage. Computer shutdowns also hit companies including the Korean Broadcasting System, Munhwa Broadcasting Corporation, and YTN.
This cyberattack “caused US$750 million in economic damage alone.” Also, “[t]he frequency of cyber attacks by North Korea and rampant cyber espionage activities attributed to China are of great concern to the South Korean government.”
Another similar incident occurred on 25 June 2013, when there were apparent hacking attacks on government websites. The incident happened on the 63rd anniversary of the start of the 1950-53 Korean War, the war that divided the Korean peninsula. Because the Blue House’s website was hacked, the personal information of a total of 220,000 people who used the “Cheong Wa Dae” website, including 100,000 ordinary citizens and 20,000 military personnel, was compromised. The website of the office for Government Policy Co-ordination and some media servers were affected as well.
While multiple attacks were organized by multiple perpetrators, one of the distributed denial-of-service attacks against the South Korean government websites was directly linked to the “DarkSeoul” gang and Trojan.Castov. The malware related to the attack is called "DarkSeoul" in the computer world and was first identified in 2012. It has contributed to multiple previous high-profile attacks against South Korea.
This hacking fueled further speculation that North Korea was responsible for the attacks. Investigators said that “an IP address used in the attack matched one used in previous hacking attempts by Pyongyang.” Park Jae-moon, a former director-general at the Ministry of Science, ICT and Future Planning, said, “82 malignant codes and internet addresses used for the attack, as well as the North Korea's previous hacking patterns,” proved that “the hacking methods were the same” as those used in the 20 March cyber attacks.
Following this incident, the Korean government publicly announced that it would take charge of the “Cyber Terror Response Control Tower” and that, along with different ministries, the National Intelligence Service would be responsible for building a comprehensive response system using the “National Cyber Security Measures.”
The South Korean government asserted a Pyongyang link in the March cyberattacks, which Pyongyang has denied. A 50-year-old South Korean man identified as Mr. Kim is suspected of being involved in the attack.