[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] 'Loud' Data-Annihilation Cyberattacks Hit South Korean Banks, Media Outlets


By Kelly Jackson Higgins
Dark Reading
March 20, 2013

A wave of cyberattacks that targeted South Korean banks and media networks today employed destructive malware that wiped the hard drives and attached drives of infected machines, crippling the organizations for hours as data was lost and the infected machines were unable to reboot.

Details of the attacks are still coming to light, but security experts have gotten a close-up look at the malware that was used in the attacks. One theory being studied by Symantec and other security firms is whether the malware initially was spread via drive-by attacks, specifically with a waterhole strategy that infected websites that users at those organizations would frequent, but Symantec says it has not confirmed that vector. Security firm Avast, meanwhile, suggests that the attack originated from a legitimate Korean website, Korea Software Property Right Council (SPC), that housed the malware.

Reports came out of South Korea today that computer screens went blank at 2 p.m. local time/5:00 a.m. GMT. The machines were defaced with a message from "The WhoIs Team" warning that the attackers had all of the victims' user accounts and data -- and that they had deleted the data. "We'll be back soon," the messages also said. Television media outlets YTN, MBC, and KBS were targeted, as were two major banks, Shinhan Bank and NongHyup Bank, according to Reuters. Other reports said Korean ISP LG U+, which provides services to some of the victims, also was breached in the attacks.

South Korean military and government networks weren't infected, but the Korean army raised its alert level amid worries that North Korea was behind the attacks given the escalating tensions between the nations. North Korea several days ago claimed that South Korea and the U.S. were behind attacks that knocked several of its websites offline for close to two days -- all of that in the wake of recent nuclear threats from North Korea, as well as drones and rocket attack exercises conducted by North Korea.


Attend #HITB2013AMS April 8th - 11th in Amsterdam.
Featuring over 42 international speakers and keynotes
by Bob Lord and Edward Schwartz http://conference.hitb.org