N.Korean internet downed by suspected cyber attacks -researchers

Send a link to a friend  Share

[January 26, 2022]    By Josh Smith

SEOUL (Reuters) - North Korea's internet appears to have been hit by a second wave of outages in as many weeks, possibly caused by a distributed denial-of-service (DDoS) attack, researchers said on Wednesday.

An illustration picture shows a projection of binary code on a man holding a laptop computer, in an office in Warsaw June 24, 2013. REUTERS/Kacper Pempel/Illustration/File Photo

The latest incident took place for about six hours on Wednesday morning local time, and came a day after North Korea conducted its fifth missile test this month.

Junade Ali, a cybersecurity researcher in Britain who monitors a range of different North Korean web and email servers, said that at the height of the apparent attack, all traffic to and from North Korea was taken down.

"When someone would try to connect to an IP address in North Korea, the internet would literally be unable to route their data into the country," he told Reuters.

Hours later, servers that handle email were accessible, but some individual web servers of institutions such as the Air Koryo airline, North Korea's ministry of foreign affairs, and Naenara, which is the official portal for the North Korean government, continued to experience stress and downtime.

Internet access is strictly limited in North Korea. It is not known how many people there have direct access to the global internet, but estimates generally place the figure at a small fraction of one percent of the population of about 25 million.

Seoul-based NK Pro, a news site that monitors North Korea, reported that log files and network records showed websites on North Korean web domains were largely unreachable because North Korea’s Domain Name System (DNS) stopped communicating the routes that data packets should take.

A similar incident was observed on Jan. 14, NK Pro reported.

The simultaneous nature of the server outages suggested a DDoS attack, in which hackers try to flood a network with unusually high volumes of data traffic in order to paralyse it, Ali said.

"It’s common for one server to go offline for some periods of time, but these incidents have seen all web properties go offline concurrently. It isn't common to see their entire internet dropped offline."

During the incidents, operational degradation would build up first with network timeouts, then individual servers going offline and then their key routers dropping off the internet, Ali said. "This indicates to me that this is the result of some form of network stress rather than something like a power cut."

(Reporting by Josh Smith; Editing by Mark Heinrich)

[© 2022 Thomson Reuters. All rights reserved.]
This material may not be published, broadcast, rewritten or redistributed.  Thompson Reuters is solely responsible for this content.

 

 

Back to top