North Korea Loses Internet in Suspected Cyber-Attack
North Korea has experienced an internet outage that may have been caused by a cyber-attack.
The country lost internet access for approximately six hours on Wednesday morning local time. The incident was the second outage to hit North Korea in the past two weeks.
Junade Ali, a cybersecurity researcher who monitors various North Korean web and email servers from a location in Britain, told Reuters that the latest outage could have resulted from distributed denial-of-service (DDoS) attack.
Describing the recent incident, Ali said: “When someone would try to connect to an IP address in North Korea, the internet would literally be unable to route their data into the country.”
Within a few hours of the suspected DDoS attack, servers supporting email were back up and running. However, disruption and downtime continued to impact individual web servers of institutions, including North Korea’s ministry of foreign affairs, the Air Koryo airline, and Naenara – the official portal for the North Korean government.
Seoul-based news site NK Pro, which monitors events in North Korea, reported that log files and network records indicated that websites ending in .kp and hosted on North Korean web domains were mostly unreachable. The reason given for this was that North Korea’s Domain Name System (DNS) had ceased to communicate the routes that data packets are meant to take.
The news site observed that a similar incident had occurred in North Korea on January 14 2022.
Ali said that how the server outage had occurred connoted that it was “the result of some form of network stress rather than something like a power cut.”
He said that no traffic was being sent to or from North Korea at the apex of the recent attack.
“It’s common for one server to go offline for some periods of time, but these incidents have seen all web properties go offline concurrently. It isn’t common to see their entire internet dropped offline,” said Ali.
He added: “During the incidents, operational degradation would build up first with network timeouts, then individual servers going offline and then their key routers dropping off the internet.”
More Stories
Pension Firms Report 4000% Surge in Breaches
Financial services targeted remorselessly over past year Read More
Sophisticated APT Clusters Target Southeast Asia
Unit 42 uncovered three separate threat actor clusters: Stately Taurus, Alloy Taurus and Gelsemium Read More
China-Linked EvilBamboo Targets Mobiles
This extensive operation is directed at Tibetan, Uyghur and Taiwanese individuals and organizations Read More
Voting Equipment Giants Team Up For Security
The move aims to combat the rampant spread of misinformation among American voters Read More
“The good and the bad that comes with the growth of AI” – watch this series of webinars with Abnormal, OpenAI, and others
Graham Cluley Security News is sponsored this week by the folks at Abnormal. Thanks to the great team there for...
iOS 17 update secretly changed your privacy settings; here’s how to set them back
Many iPhone users who upgraded their iPhones to the recently-released iOS 17 will be alarmed to hear that they may...