China's supposed involvement in a cyberattack against South Korea was false
The Korea Communications Commission (KCC) and the National Police Agency of South Korea are currently investigating a cyber attack that affected eight major businesses in the country, including banks, insurers, and TV broadcasters. The attack caused the IT systems of these businesses to crash spontaneously, with SK Telecom being infiltrated by an unauthorized third party deploying sophisticated malware called BPFDoor.
The KCC has admitted falsely implicating a Chinese IP address in the cyber attack. It was later discovered that the IP address in question belonged to a computer owned by NongHyup bank, not a computer in China. The National Police Agency of South Korea has confiscated the computer for investigation.
A group of hackers calling themselves "Whois Team" have claimed responsibility for the attack on social networks, but the KCC has not yet determined the identity of the perpetrator. Unlike the two other banks affected by the cyber attack, NongHyup bank is still in the process of recovering its systems.
The link to China in the cyber attack has fueled speculation about North Korea's involvement. Yesterday, Yonhap news reported that an unnamed official had a "strong suspicion" that North Korea was involved in the attack, although the South Korean government has not completed its investigation.
South Korea is actively working on attributing such attacks with scientific evidence and legal-technical measures, aiming to hold perpetrators accountable and cooperate internationally. The country's government continues to strengthen cyber defense capabilities, including attribution procedures and joint international deterrence against threat actors like North Korea’s hacking groups.
In July 2025, investigations into the SK Telecom breach concluded with fines imposed on the company for negligence in managing account information and reporting breaches. However, there is no confirmed evidence that stolen data has been misused.
In summary, the suspected attackers are APT groups possibly connected to North Korea or China, although definitive attribution remains unconfirmed. The KCC is currently investigating the perpetrator of the cyber attack and tracking down all potential sources. South Korea emphasizes proactive attribution and international cooperation to address such attacks.
Technology played a significant role in the recent cyber attack on eight major South Korean businesses, as the unauthorized third party deployed the malware BPFDoor to infiltrate SK Telecom's IT systems. This incident widened the general-news discourse, including crime-and-justice issues, as the attack is being linked to North Korea, potentially implicating them in cybercrime. Despite Yonhap news reports suggesting North Korea's involvement, definitive attribution is yet to be confirmed, and the KCC continues its investigation to ascertain the identity of the perpetrator. South Korea remains dedicated to strengthening its cybersecurity measures and attributing such attacks via scientific evidence and international cooperation.
