Cyber Incident Victim: Lotte Duty Free
Date: Mar 2017
Location: South Korea
Summary
A South Korean duty-free retailer experienced a distributed denial-of-service (DDoS) attack originating from Chinese IP addresses, causing its website to crash after prolonged slowdowns across all language versions. The incident followed geopolitical tensions related to the company's affiliate facilitating a U.S. missile defense system deployment opposed by China. Immediate financial losses were estimated in the hundreds of thousands of dollars, a figure limited by the attack's non-peak timing, but broader operational disruptions included the extended downtime of the group's Chinese domain following a separate virus infection. Concurrent challenges in China involved suppressed online retail visibility, halted construction projects, and stock price declines. Chinese authorities denied involvement but acknowledged cybersecurity cooperation commitments, amid South Korean government concerns over escalating business obstacles faced by its firms in China.
Description
On March 1-2, 2017, Lotte Duty Free experienced a distributed denial-of-service (DDoS) attack targeting its website (lottedfs.com), which hosts four language versions. The first wave of the attack was detected on March 1, specifically affecting the Chinese language version of the site. The attack escalated on March 2, with traffic flooding from Chinese internet protocol (IP) addresses beginning at 11:00 a.m. local time (0200 GMT), causing significant slowdowns across all language versions. By 12:00 p.m., the website became completely inaccessible due to server overload. Lotte Duty Free stated the attack did not occur during peak traffic hours, limiting estimated business losses to "a couple of hundred thousand U.S. dollars." Separately, Lotte Group’s Chinese corporate website (lotte.cn) had been offline since March 1 due to an unrelated virus infection, though the company declined to disclose technical details about the malware. Lotte Duty Free implemented security enhancements and projected full website restoration by 6:00 p.m. local time (0900 GMT) on March 2.

The incident occurred amid heightened geopolitical tensions following Lotte Group’s February 27 approval of a land swap enabling the U.S. THAAD missile defense system deployment in South Korea, a move strongly opposed by China and Russia. Chinese state media had previously called for boycotts of South Korean goods, and South Korean companies reported increased operational challenges in China since the THAAD deployment was confirmed in November 2016. Concurrently, Chinese authorities halted construction at a $2.6 billion Lotte real estate project following a fire inspection. Lotte Shopping shares fell 7.8% on March 2, while Lotte Confectionery dropped 2.8%, underperforming the broader market. The South Korean government expressed concern over these developments, pledging diplomatic engagement with China to protect business interests. China’s Foreign Ministry denied involvement in the cyberattack, reiterating opposition to hacking while dismissing Lotte’s attribution as speculative. Retail subsidiary Lotte Mart also reported accessibility issues on Chinese e-commerce platform JD.com, where its storefront remained active but undiscoverable via search functions.
