28 September 2022, Wednesday

North Korean internet downed by suspected cyber attacks

Researchers claimed on Wednesday that North Korea’s internet appears to have been hit by a second wave of disruptions in as many weeks, probably caused by a distributed denial-of-service (DDoS) assault.

The latest incident occurred on Wednesday morning local time, approximately six hours after North Korea launched its sixth missile test this month.

Junade Ali, a cybersecurity expert in the United Kingdom who monitors a variety of North Korean online and email services, stated that at the height of the alleged attack, all traffic to and from North Korea was shut down.

“When someone tries to connect to an IP address in North Korea, the internet actually cannot transport their data inside the nation,” he told Reuters.

Hours later, email servers were restored, but several individual web servers of organizations such as the Air Koryo airline, North Korea’s ministry of foreign affairs, and Naenara, the North Korean government’s official site, continued to experience difficulties and outages.

Internet access in North Korea is severely restricted. It is unknown how many individuals have a direct connection to the worldwide internet, although estimates place the proportion at a minuscule fraction of one percent of the population of around 25 million.

Seoul-based NK Pro, a news site that monitors North Korea, reported that log files and network records showed websites on North Korean web domains were largely unreachable because North Korea’s Domain Name System (DNS) stopped communicating the routes that data packets should take.

A similar incident was observed on Jan. 14, NK Pro reported.

The simultaneous nature of the server outages suggested a DDoS attack, in which hackers try to flood a network with unusually high volumes of data traffic in order to paralyze it, Ali said.

“It’s common for one server to go offline for some periods of time, but these incidents have seen all web properties go offline concurrently. It isn’t common to see their entire internet dropped offline.”

During the incidents, operational degradation would build up first with network timeouts, then individual servers going offline and then their key routers dropping off the internet, Ali said. “This indicates to me that this is the result of some form of network stress rather than something like a power cut.”

  • Reuters