Stolen logins used to distribute malware in South Korea attacks

Security vendor AhnLab claims credentials were used to access patch management systems and distribute malware.

Password

Security vendor AhnLab has confirmed that stolen login details were used to carry out cyber attacks against South Korean banks and broadcasters last week.

As reported by IT Pro last week, hackers brought down several broadcasters and major banks in South Korea, in a series of attacks that have been linked to North Korea and China.

It is thought the attacks affected 32,000 servers managed by the banks and broadcasters.

A malware analysis by security vendor AlienVault said the attack had been caused by a piece of code that overwrites the master boot record and stops computers restarting after a reboot.

But, at the time of last week's report, the firm was unable to shed any light on how the malware gained access to the systems.

However, South Korea-based security vendor AhnLab has now claimed the hackers obtained user IDs and passwords to deliver the malware during some of the attacks.

"The credentials were used to gain access to individual patch management systems located on the affected networks," said the company in a statement.

"Once the attackers had access to the patch management system they used it to distribute the malware much like the system distributes new software and updates."

Speaking to IT Pro, Simon Edwards, regional manager for the UK at AhnLab, confirmed the attackers were able to use the logins to infiltrate his firm's patch management tools.

"There was no compromise of our own systems at any point, but they managed to get our user names and passwords from somewhere," he added.

The company also claims the malware can be detected in real-time and deleted using its multi-dimensional protection technology.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

AOL users are the target of a new phishing campaign
phishing

AOL users are the target of a new phishing campaign

1 Mar 2021
Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021
FedEx and DHL phishing emails target Microsoft users
phishing

FedEx and DHL phishing emails target Microsoft users

24 Feb 2021
Hackers are using Google Alerts to help spread malware
hacking

Hackers are using Google Alerts to help spread malware

22 Feb 2021

Most Popular

How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
Ransomware operators are exploiting VMware ESXi flaws
ransomware

Ransomware operators are exploiting VMware ESXi flaws

1 Mar 2021