SEOUL, Jan 26 (Reuters) – North Korea’s internet appears to have been hit by a second wave of outages in as many weeks, possibly caused by a distributed denial-of-service (DDoS) attack, researchers said on Wednesday.
The latest incident took place for about six hours on Wednesday morning local time, and came a day after North Korea conducted its fifth missile test this month.
Junade Ali, a cybersecurity researcher in Britain who monitors a range of different North Korean web and email servers, said that at the height of the apparent attack, all traffic to and from North Korea was taken down.Sponsored by VerizonReady for 2022? We are.In 2021 we were the most awarded carrier for Network Quality by J.D. Power, paid $7.8B in cash dividends, and our employees volunteered 1M+ hours. And now, more than 95M people will have access to our 5G Ultra Wideband network. Ready for 2022? We are.See moreReport ad
“When someone would try to connect to an IP address in North Korea, the internet would literally be unable to route their data into the country,” he told Reuters.
Hours later, servers that handle email were accessible, but some individual web servers of institutions such as the Air Koryo airline, North Korea’s ministry of foreign affairs, and Naenara, which is the official portal for the North Korean government, continued to experience stress and downtime.Report ad
Internet access is strictly limited in North Korea. It is not known how many people there have direct access to the global internet, but estimates generally place the figure at a small fraction of one percent of the population of about 25 million.
Seoul-based NK Pro, a news site that monitors North Korea, reported that log files and network records showed websites on North Korean web domains were largely unreachable because North Korea’s Domain Name System (DNS) stopped communicating the routes that data packets should take.
A similar incident was observed on Jan. 14, NK Pro reported.
The simultaneous nature of the server outages suggested a DDoS attack, in which hackers try to flood a network with unusually high volumes of data traffic in order to paralyse it, Ali said.
“It’s common for one server to go offline for some periods of time, but these incidents have seen all web properties go offline concurrently. It isn’t common to see their entire internet dropped offline.”
During the incidents, operational degradation would build up first with network timeouts, then individual servers going offline and then their key routers dropping off the internet, Ali said. “This indicates to me that this is the result of some form of network stress rather than something like a power cut.”