North Korea Loses Internet in Suspected Cyber-Attack
North Korea has experienced an internet outage that may have been caused by a cyber-attack.
The country lost internet access for approximately six hours on Wednesday morning local time. The incident was the second outage to hit North Korea in the past two weeks.
Junade Ali, a cybersecurity researcher who monitors various North Korean web and email servers from a location in Britain, told Reuters that the latest outage could have resulted from distributed denial-of-service (DDoS) attack.
Describing the recent incident, Ali said: “When someone would try to connect to an IP address in North Korea, the internet would literally be unable to route their data into the country.”
Within a few hours of the suspected DDoS attack, servers supporting email were back up and running. However, disruption and downtime continued to impact individual web servers of institutions, including North Korea’s ministry of foreign affairs, the Air Koryo airline, and Naenara – the official portal for the North Korean government.
Seoul-based news site NK Pro, which monitors events in North Korea, reported that log files and network records indicated that websites ending in .kp and hosted on North Korean web domains were mostly unreachable. The reason given for this was that North Korea’s Domain Name System (DNS) had ceased to communicate the routes that data packets are meant to take.
The news site observed that a similar incident had occurred in North Korea on January 14 2022.
Ali said that how the server outage had occurred connoted that it was “the result of some form of network stress rather than something like a power cut.”
He said that no traffic was being sent to or from North Korea at the apex of the recent attack.
“It’s common for one server to go offline for some periods of time, but these incidents have seen all web properties go offline concurrently. It isn’t common to see their entire internet dropped offline,” said Ali.
He added: “During the incidents, operational degradation would build up first with network timeouts, then individual servers going offline and then their key routers dropping off the internet.”
More Stories
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google...
Friday Squid Blogging: Sunscreen from Squid Pigments
They’re better for the environment. Blog moderation policy. Read More
Compromising the Secure Boot Process
This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than...
Synnovis Restores Systems After Cyber-Attack, But Blood Shortages Remain
Synnovis has rebuilt “substantial parts” of its systems following the Qilin ransomware attack on June 3, enabling the restoration of...
Hacktivists Claim Leak of CrowdStrike Threat Intelligence
CrowdStrike has acknowledged the claims by the USDoD hacktivist group, which has provided a link to download the alleged threat...
CrowdStrike Falcon Outage Exploited for Social Engineering
Cyber threat actors are exploiting the CrowdStrike Falcon outage to conduct social engineering attacks. Here's what the CIS CTI team...