Broadcasters KBS and MBC still didn’t have full computer use on Thursday, but the shutdown did not affect TV broadcasts.
The YTN cable news channel also said the company’s internal computer network was paralyzed. Footage showed workers staring at blank computer screens.
KBS employees said they watched helplessly as files stored on their computers began disappearing.
Last year, North Korea threatened to attack several news companies, including KBC and MBC, over their reports critical of children’s‘ festivals in the North.
“If it plays out that this was a state-sponsored attack, that’s pretty bald faced and definitely an escalation in the tensions between the two countries,” said James Barnett, former chief of public safety and homeland security for the U.S. Federal Communications Commission.
An ominous question is what other businesses, in South Korea or elsewhere, may also be in the sights of the attacker, said Barnett, who heads the cybersecurity practice at Washington law firm Venable.
“This needs to be a wake-up call,” he said. “This can happen anywhere.”
An official at the South’s Korea Communications Commission said investigators speculate that malicious code was spread from company servers that send automatic updates of security software and virus patches.
The shutdown raised worries about the overall vulnerability to attacks in South Korea, a world leader in broadband and mobile Internet access. Previous hacking attacks at private companies compromised millions of people’s personal data. Past malware attacks also disabled access to government agency websites and destroyed files in personal computers.
Seoul blames North Korean hackers for several cyberattacks in recent years. Pyongyang has either denied or ignored those charges. Hackers operating from IP addresses in China have also been blamed.
In 2011, computer security software maker McAfee Inc. said North Korea or its sympathizers likely were responsible for a cyberattack against South Korean government and banking websites earlier that year. The analysis also said North Korea appeared to be linked to a massive computer-based attack in 2009 that brought down U.S. government Internet sites. Pyongyang denied involvement.
“North Korea has almost certainly done similar attacks before,” said Tim Junio, a cybersecurity fellow at Stanford University’s Center for International Security and Cooperation. “Part of why this wasn’t more consequential is probably because South Korea took the first major incident seriously and deployed a bunch of organizational and technical innovations to reduce response time during future North Korea attacks.”
South Korea has created a National Cybersecurity Center, a national monitoring sector and a Cyber Command modeled after the U.S. Cyber Command. Junio said South Korea’s major antivirus firms also play a large role in stopping hacking attacks.
The shutdown comes amid rising rhetoric and threats of attack from Pyongyang over the U.N. sanctions. Washington also expanded sanctions against North Korea this month in a bid to cripple the government’s ability to develop its nuclear program.
North Korea has threatened revenge for the sanctions and for ongoing U.S.-South Korean military drills, which the allies describe as routine but which Pyongyang says are rehearsals for invasion.