A South Korean military source says it has identified the source of North Korea cyberattacks that targeted the internal networks of the military.
The Internet Protocol address linked to the attacks was traced to a location in Shenyang, China, and a malicious code associated with the address was similar to the one used in North Korean cyberattacks against the South, Yonhap reported.
Seoul’s military believes the evidence points to North Korean involvement in a hacking incident aimed at the army’s intranet.
“It is our understanding the internal network of the military was hacked from an IP address in Shenyang,” a military source told Yonhap. “The malicious code used in the hacking is similar to the code used in several computer breaches.”
A separate 2014 cyberattack that infiltrated multiple servers at Korea Hydro and Nuclear Power was also linked to an IP address in Shenyang, according to the report.
South Korea’s military has previously stated the internal defense network is safe from breaches because it is separated from the rest of the Internet.
But the hacking could have occurred when users of the internal network accessed it through the Internet, giving hackers an opportunity to exploit a weak point, the military source said.
The source added more information could not be provided to the press without posing risks to cybersecurity.
In August North Korea hackers were linked to the targeting of numerous South Korean government agencies.