Handout / Reuters
Employees of the Korean Broadcasting System (KBS) check computers as they try to recover a server of the company's network at main office of KBS in Seoul, on March 21.
SEOUL - A hacking attack on the servers of South Korean broadcasters and banks originated from an IP address based in China, officials in Seoul said on Thursday, raising suspicions the intrusion came from North Korea.
An unnamed official from South Korea's presidential office was quoted by the Yonhap news agency as saying the discovery of the IP address indicated Pyongyang was responsible for the attack on Wednesday.
A previous attack on a South Korean newspaper that the government in Seoul traced back to North Korea also used a Chinese IP address.
"We've identified that a Chinese IP is connected to the organizations affected," a spokesman for South Korea's Communications Commission told a press conference.
The attack brought down the network servers of television broadcasters YTN, MBC and KBS as well as two major commercial banks, Shinhan Bank and NongHyup Bank. South Korea raised its alert levels in response.
Investigations of past hacking incidents on South Korean organizations have been traced to Pyongyang's large army of computer engineers trained to infiltrate the South's computer networks.
"There can be many inferences based on the fact that the IP address is based in China," the communications commission's head of network policy, Park Jae-moon said. "We've left open all possibilities and are trying to identify the hackers."
It took the banks hours to restore operations. Damage to the servers of the TV networks was believed to be more severe, although broadcasts were not affected.
About 32,000 computers at the six organizations were affected, according to the South's state-run Korea Internet Security Agency, adding it would take up to five days to fully restore their functions.
North Korea has in the past targeted South Korea's conservative newspapers, banks and government institutions.
The biggest hacking effort attributed to Pyongyang was a 10-day denial of service attack in 2011 that antivirus firm McAfee, part of Intel Corp, dubbed "Ten Days of Rain". It said that attack was a bid to probe the South's computer defenses in the event of a real conflict.
North Korea last week said it had been a victim of cyber attacks, blaming the United States and threatened retaliation.