A researcher who has studied the malicious software used in the attacks on media outlets and banks in South Korea this week said the attacks were coordinated, but messy and loud, without many of the hallmarks of a state sponsored hacking operation. Richard Henderson, a Security Strategist at Fortilabs at Fortinet Inc. said that the malware used in the attack was programmed to begin operating at 2:00pm local time, suggesting that those behind it had planned their operation for weeks or months before launching it. Still, Henderson said many details of the attack make it dissimilar from so-called “advanced persistent threat” or APT-style hacks that are carried out by foreign governments or groups working on their behalf. Henderson said that Fortinet analysts first obtained a copy of the malware on March 19, a day before the attacks. Researchers there had already identified the “time bomb” hidden in the code, which was […]
Telecommunications
DPRKurious: Is North Korea Really Behind Cyber Attacks On The South?
The news keeps coming out of South Korea, where a mysterious rash of hacks and virus infections early Thursday compromised tens of thousands of machines running at banks, broadcasters and other firms, erasing data and causing widespread disruption. Here’s the latest: South Korean Officials “Strongly Suspect” North Korea South Korean government officials made their most direct statements to date (albeit anonymously) on the possible source of the attack, saying that they had a “strong suspicion” that the government of the Democratic People’s Republic of Korea (DPRK) was responsible. Speaking to the YonHap News Agency, the official, identified as a “high ranking official in the office of President Cheong Wa Dae,” refused to elaborate. However, he may have been referring to the preliminary results of the Korea Communications Commission (KCC) which traced the malicious code responsible for crippling computers at broadcasters and banks to an IP address in China. South Korean […]
Update: Destructive Hacks Hit South Korean Media, Banks
Editor’s Note: Updated to include information from AlienVault on the attacks. – PFR 3/20/2013 Destructive cyber attacks against media outlets and banks in South Korea have ratcheted up tensions on the Korean Peninsula, with charges that the government of reclusive North Korea was behind the hacks. According to a report in South Korea’s Yonhap News Agency, the attacks began at 2:00PM local time in South Korea and affected the computer networks of three broadcasters and two banks. Broadcasters KBS, MBC and YTN all reported that their computer networks were “halted” at that time. Shinhan Bank and Nonghyup made similar reports to the National Police Agency (NPA), according to Yonhap. Unlike past distributed denial of service (DDoS) attacks that are believed to have been launched by the DPRK against the South, the latest incursions come at a time of extreme military tension on the peninsula, and caused damages to South Korean […]
ISP Telenor: Execs Laptops Emptied in Cyber Spy Operation
The Norwegian telecommunications firm Telenor told authorities in that country that a sophisticated cyber spying operation compromised the computers of leading executives and “emptied” them of sensitive information, including e-mail messages, computer files and passwords, according to a report Sunday by Aftenposten. Several executives of Telenor were the subjects of “extensive, organized industrial espionage,” the report said, quoting Telenor Norway’s director, Rune Dyrlie. The company has reported the incident to Nasjonal sikkerhetsmyndighet – or NSM – Norway’s national security authority as well as Nor-CERT, Norway’s Computer Emergency Readiness Team and the cyber defense unit Cyberforsvaret. “We take it very seriously by several bosses in Telenor stolen sensitive information. It is quite clear that those behind, got downloaded stolen information. There is no doubt that we have lost data,” Dyrlie told Aftenposten. Dyrlie said that the company missed the initial infection, which used “new, customized software.” The first indication of a compromise came after automated monitoring software operated […]
