Unraveling the South Korean cyberattacks
Posted on 21 March 2013.
Wednesday's news that the networks of several South Korean broadcasting organizations and banks have been partially or entirely crippled by coordinated attacks has raised a lot of questions, the main one being "who is behind the attacks?"


South Korean Defence Ministry spokesman Kim Min-seok immediately stated that they would not be ruling out the possibility of North Korea being involved, which is understandable because relations between the two countries have been extremely strained lately.

Investigation into the matter revealed that the attacks came from a single Chinese IP address. While this doesn't mean that the attackers are Chinese, it made the likelihood of them being North Korean higher, as intelligence experts say that their modus operandi often includes using Chinese IP addresses to hide the real provenance of their cyber-attacks.

In the meantime, security firms such as Symantec, Sophos and FireEye have begun analyzing the malware delivered in the attacks. They have collectively concluded that the wiper component was meant first to kill AV and security processes on the targeted computers, then to overwrite the Master Boot Record on their disks and reboot them.

The Trojan which dropped the malware into the systems is apparently able to wipe remote Linux and Unix machines in the computers' network.

But the malware is not responsible for knocking the companies' networks offline, nor is it responsible for the defacement of a number of company websites hosted by Korean network provider LG U+, which hackers going by the name of "Whois Team" have claimed. For the time being it is impossible to tell whether all these attacks are connected.

Alien Vault's Jaime Blasco has a few interesting theories on how the malware could have been delivered to the affected computers and how the attackers could have gained access to the affected networks in order to launch the wiping routine.

They involve either the use of an exploit kit and malware kit, or the renting of a botnet that has zombie computers within the targeted companies.









Copyright 1998-2014 by Help Net Security.