Posted on January 31, 2022 at 5:56 PM
Some websites in North Korea were hit by a DDoS attack. This affected the country’s internet access for about six hours. This is the second time North Korea has had an internet outage in two weeks. The country suffered a similar incident on January 14, 2022.
Reports about the incident indicated that the outage was most probably the result of a distributed denial-of-service (DDoS) attack. According to Junade Ali, people who tried to connect to a North Korean IP address were unable to do so. He said they were not able to route their data into the country. Ali is a researcher who monitors several email and web servers in North Korea.
Also, there was no traffic going to or coming from North Korea during the attack. Based on the nature of the network outage, it wasn’t the result of a power cut, but of network stress on the servers.
Ali pointed out that although it’s common for a single server to be out for some time, the incident affected all web properties at the same time. He added that it is rare to see the entire internet completely shut out simultaneously.
The Incident Comes One Week After The DDoS Attack In Andorra
A DDoS attack is a method where threat actors overload a network by sending a massive amount of files or data. In most cases, the attack prevents the server from receiving data from genuine sources. Eventually, it can shut down the network completely due to the overwhelming load of information it cannot handle.
The DDoS attack on North Korean websites comes barely a week after a multi-day Twitch gaming tournament was targeted by the ‘Minecraft’ DDoS attack. The attack affected Andorra Telecom, the only ISP in the country. This led to the complete shutdown of internet activities in the small European country for about 30 minutes. Also, the Minecraft gamers in the country were completely shut out, which appears to be the reason behind the attack.
However, the attackers of the North Korean websites have a different agenda, according to the report. The attack was also longer, as the servers were down for up to six hours.
The individual servers of institutions like Naenara (the North Korean government’s official portal), Air Koryo Airline, and North Korea’s ministry of foreign affairs were affected. The websites were still witnessing downtime and disruption hours later.
Network records and log files indicated that many websites on the North Korean domain were not available. NK Pro, a Seoul-based news site that monitors North Korean servers, confirmed that many of the websites were unreachable during the attack. It noted that the Domain Name System (DNS) stopped communicating the routes that data packets should take.
Other sites affected include North Korea’s cabinet newspaper ‘Democratic Choson’, the Korean Central News Agency, the official newspaper of the North Korean Workers’ Party, as well as Rodong Sinmun.
Very Few People Have Global Internet Access In North Korea
Generally, North Korea runs severely restricted internet access. According to estimates, only about 1% of the country’s 25 million population has access to the global internet. Some of those with internet access use VPNs, which keep them private.
Even those sites that were still connected when others lost connection became affected. Pages failed to open because of long waiting times or disconnections.
There is speculation that the recent DDoS attack on North Korean websites has caused heavy damage. However, the damage cannot be measured yet because major servers are still recovering from the incident. The immediate damage can be determined, but there are consequential damages, some of which cannot be measured.
Following the attack, the servers handling email were restored. However, the other institutions were still experiencing access failures.
The Attacker Being Attacked?
It’s not clear what the motive of the attackers was, but North Korea has launched an investigation into the incident. The country has a very strong hacking group, which has been linked to a series of nation-state hacking incidents in the past.
The General Bureau of Reconnaissance is one such group that has been carrying out hacking crimes all over the world, according to intelligence officials. The group attacks companies and governments, including vital agencies in each country.
North Korea is considered to have the best hacking capability. But, according to some reports, the government is not responding swiftly to the latest hacking incident it suffered.