South Korea Suffered 114,000 Cyberattacks in Five Years

South Korea has announced that its government institutions have suffered more than 114,000 cyber attacks since 2011.

The figures were published on Friday in a report by the country's National Assembly's Public Administration & Security Committee, technology news site CNET reported. The committee found that 114,035 cyber attacks, ranging from attempts to access classified information to leaking sensitive data, had been recorded between 2011 and June 2015. Less than one percent of the total attacks originated from IP addresses in North Korea.

The Ministry of Foreign Affairs was the most popular target, suffering 8,663 attacks. The figures do not include attempted hacks automatically filtered out by web security systems, nor attacks recorded by the Defense Ministry and Seoul's National Intelligence Service.

According to the IP addresses of the recorded attackers, more than half of the attempts came from within South Korea itself. China was next with 18,943 recorded attacks, and a further 8,092 came from the U.S. The number of attacks originating from a North Korean IP address was surprisingly low—in 2013, three cases were recorded involving an IP address from the hermit state, and just two in 2012.

However, analysts say this does not mean Pyongyang is not orchestrating cyber attacks against its southern neighbor. Internet connectivity is famously limited in North Korea: the country reportedly has around 1,024 IP addresses—compared to some 123 million in the U.K.—and there is just a single cable linking North Korea's network with that of China. Caroline Baylon, cybersecurity researcher at U.K. think tank Chatham House, says this lack of connectivity means many attacks which originated in, or were ordered by, North Korea do not show up in such figures.

"I would imagine that some significant percentage of what is being reported as China is North Korea. So it's not surprising that North Korea doesn't show up in the numbers. It's there but it's just not recorded," says Baylon.

Seoul has blamed Pyongyang for a number of cyber attacks in recent years. In March, Seoul created a new cabinet post to handle cybersecurity after a hack on its nuclear power plant operator in December which was blamed on Pyongyang. In 2013, some 32,000 computers in South Korean banks and broadcasters were compromised by a major cyberattack from a Chinese IP address, though South Korean media reported suspicions that the attack was orchestrated by North Korea. North Korean hackers were also blamed for cyber attacks on the South in 2011 and 2009.

A North Korean defector told the BBC in May that Pyongyang had an army of 6,000 trained military hackers and that the regime spends up to 20 percent of its military budget on cyber operations.

According to Alan Woodward, visiting professor at Surrey University and an advisor to Europol on cybercrime, attribution is inherently difficult with cyberattacks. Use of techniques such as botnet—where a network of internet-connected computers are unknowingly co-opted into forwarding malicious content to other computers—often makes it almost impossible to identify the real culprits.

"It has to be said that North Korea has the capability but just about every state has the capability [to carry out cyberattacks]," says Woodward. "It's highly likely that [North Korea is involved] but it's also highly likely that other people are interested in [hacking South Korea] as well."

Editor's Pick