North Korea loses internet in suspected cyberattack


North Korea experienced an internet outage that may have been caused by a cyberattack.

The country lost internet access for about six hours Wednesday morning local time. The incident was the second blackout to hit North Korea in the past two weeks.

Junade Ali, a cybersecurity researcher who monitors various North Korean web and email servers from a location in Britain, told Reuters the latest outage could have been the result of a distributed denial of service (DDoS) attack.

Describing the recent incident, Ali said, “When someone tried to connect to an IP address in North Korea, the internet would literally be unable to route their data to the country.”

A few hours after the alleged DDoS attack, the servers supporting email were back up and running. However, disruptions and downtime continued to affect individual web servers of institutions, including North Korea’s Ministry of Foreign Affairs, Air Koryo airline and Naenara, the official North Korean government portal. .

Seoul-based news site NK Pro, which monitors events in North Korea, reported that log files and network records indicated that websites ending in .kp and hosted on North Korean web domains were mostly inaccessible. The reason given was that North Korea’s Domain Name System (DNS) had stopped communicating the routes that data packets are supposed to take.

The news site observed that a similar incident happened in North Korea on January 14, 2022.

Ali said the way the server outage happened implied it was “the result of some form of stress on the network rather than something like a power outage.”

He said no traffic was being sent to or from North Korea at the height of the recent attack.

“It’s common for a server to go offline for a period of time, but these incidents have seen all web properties go offline simultaneously. It’s not common to see their whole internet go offline,” Ali said.

He added: “During incidents, operational degradation would accumulate first with network timeouts, then individual servers would go offline, then their key routers would drop from the internet.”


About Author

Comments are closed.