South Korean banks threatened with DDoS attacks unless they pay $315,000

South Korean banks are being threatened with crippling DDoS attacks unless they pay $315,000 in bitcoin. The attackers threatening them identified themselves as the Armada Collective.

banks ddos attacks extortion

According to South Korean news agency Yonhap, among the targeted institutions are KB Kookmin Bank, Shinhan Bank, Woori Bank, KEB Hana Bank, and NH Bank.

Choi Sang-Myung, a researcher at South Korean’s Hauri Labs, noted that these latest threats might have been a consequence of the recent successful extortion attempt of South Korean web hosting provider Nayana. In any case, he said that the banks are well prepared to meet the onslaught, should it come.

The deadline for the announced attacks was this Monday. The websites of the aforementioned banks are online and working, but whether it’s because they paid the requested amount or because they managed to twart the DDoS attacks is impossible to tell.

South Korean banks are often targeted by hackers

In general, South Korean financial institution are accustomed to being targets of cyber attacks, either by hacker collectives or state-sponsored hackers.

In 2016 South Korean’s central bank’s website was hit by DDoS attacks apparently mounted by Anonymous. In 2013, the networks of several South Korean broadcasting organizations and banks were partially or entirely crippled by coordinated attacks that were believed to be executed by North Korean hackers. In 2011, the websites of many South Korean banks as well as government websites were targeted with DDoS attacks, and Nonghyup, a South Korean farm co-operative, suffered a destructive cyber intrusion. Both attacks were believed to be the work of state-sponsored North Korean hackers.

Whether these latest threats are actually the work of the Armada Collective, a group that has been perpetrating these shakedown schemes since 2015, is impossible to tell for sure.

The anonymous nature of this type of attacks allows attackers to take on practically any name and persona they want, even to use that of other groups or individuals.

In fact, it is widely believed that state-sponsored North Korean hackers often pose as cyber criminal groups in order to rake in money for the government.