Cyber Escalation in Korea?
This morning, South Korean authorities reported that they have been the victims of a cyber attack which impacted TV News organizations as well as banking institutions.
Renesys can confirm that at least some of today’s incidents escalated to the point of global visibility, as both South and North Koreans networks experienced actual disconnections. We note similarly timed outages affecting South Korea’s largest natural gas company.
South Korea News Media Outages
We observed 5 routed networks of Korea Broadcasting System go down at 05:54:18 UTC this morning (20 March). At the time of this writing they are still down. The Yonhap News Network (YTN) also experienced outages of two of its networks today at 05:54:30 UTC and 06:29:26 UTC.
South Korea Banking and Energy Outages
About thirty minutes after the South Korean media outages, we observed Korea Gas Corporation (Kogas, AS9857), the largest liquefied natural gas import company in the world, go completely offline as its 10 routed networks went down at 06:26:30 UTC and stayed down for over two hours. At the same time, we saw three routed networks of Shinhan Bank taken down as well.
For context, remember that South Korea normally routes over 15,000 networks. On a typical day, 40-50 of these networks are down temporarily for various technical reasons.
However, networks from these sectors (Media, Energy, and Banking) are typically some of the most stable, and the timing of their simultaneous outages seems suspicious.
Additional outages in North Korea
Since last week’s disruption in connectivity in North Korea, we have observed additional brief routing outages for the four routed networks of North Korea. On Monday (18 March) and this morning (20 March), we observed outages lasting for just a few minutes in North Korea. It should be noted that although North Korea’s Internet is small, it is very stable. Until last week, North Korean outages had been very rare.
It is impossible to know from connectivity measurements alone whether these outages were the direct result of cyber attacks. However, given the recent rhetoric between these two nations, it is hard not to see these as ominous developments on the Korean peninsula.