North Korea's Internet returns after 36-hour outage

State-run media blamed it on an international attack

Internet connectivity to North Korea was restored Friday after a day-and-a-half-long outage that the country's official media blamed on international hacking.

Connections to the Star, North Korea's sole Internet service provider, hit problems on Wednesday when websites became inaccessible from outside the country. The sites remained largely offline throughout the incident, although occasionally made brief returns.

North Korea doesn't have much in the way of Internet connectivity and there is little redundancy in its connection. Its main connection runs via China Unicom in neighboring China, and there is also a back-up satellite Internet connection via Intelsat. The country has just 1,024 IP (Internet protocol) addresses, making its national network more like that of a medium-sized company than an entire country.

Only a few thousand people are estimated to have direct Internet access -- mainly high-ranking government officials and scientists -- and the country has only a handful of public websites. Most of them carry propaganda from the state-run news media. The vast majority of the country has access to a nationwide intranet, which runs on the same technologies as the global Internet but has no connectivity outside of the country.

Renesys, a company that analyzes global Internet connectivity, said it first observed problems at 1 a.m. GMT on Wednesday. That would have been 10 in the morning in Pyongyang. Connectivity was largely lost for about 36 hours and returned late Thursday local time, although wasn't back to normal until Friday, according to Renesys data.

North Korea's state-run media was silent about the outage while it was under way, although on Friday the official Korean Central News Agency came out swinging against the U.S. and its allies. It said the outage was due to an "intensive and persistent virus attack," although offered no further details.

"The DPRK will never remain a passive onlooker to the enemies' cyber attacks that have reached a very grave phase as part of their moves to stifle it," it said, using the official name for the country, The Democratic Peoples' Republic of Korea.

Such bluster is typical of attacks on the U.S. in state-run media outlets.

The outage came against the backdrop of heightened tension on the Korean peninsula. The recent imposition of additional sanctions on the country by the United Nations Security Council and annual war games between the U.S. and South Korean forces have led the DPRK to threaten retaliation.

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags securityinternetRenesys

More about IDGIntelsatUnicomUnited Nations

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Martyn Williams

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place