South Korean companies attacked by data wiping malware

Motive behind hack still a mystery

Security companies have pinpointed malware responsible for a major hack in South Korea that wiped computers in several organisations.

Networks in two major banks and three television stations bore the brunt of the attacks by malware dubbed DarkSeoul. The hack left computers unable to boot, as the malware wiped the PCs' Master Boot Record (MBR). The attack also affected internet banking and cash machines at Shinhan Bank, while broadcasters KBS, MBC and YTN barely managed to keep to their schedules as computers were left unable to operate.

The finger of blame has been pointed to North Korea for the attack, although no evidence has been found to support this.

Analysis of the malware by IT security firm AlienVault found that it was "a very simple piece of code that overwrites the MBR (Master Boot Record) making the affected system unable to start after reboot."
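The MBR referred to in that analysis is the first 512-byte sector of a disk: 446 bytes of boot code, a 64-byte table of four partition entries, and a two-byte boot signature (0x55AA). The following Python example is added here and is not part of the article or of either vendor's analysis; it shows the kind of integrity check a defender can run as a periodic control or during incident triage. It parses the partition table, validates the boot signature, flags a boot region that has been overwritten with a single repeated byte, and compares the sector's SHA-256 with a recorded baseline. The healthy, tampered and wiped sectors it examines are constructed inside the script, so it runs without touching any disk.

```python
"""Baseline-and-verify check for a 512-byte Master Boot Record (added example).

All sector contents below are constructed for illustration; no device is read.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"          # last two bytes of a valid MBR
PARTITION_TABLE_OFFSET = 446          # boot code occupies bytes 0..445
PARTITION_ENTRY_SIZE = 16             # four entries of 16 bytes each


def sector_digest(sector: bytes) -> str:
    """SHA-256 of the raw sector; record this once on a known-good system."""
    return hashlib.sha256(sector).hexdigest()


def parse_partitions(sector: bytes) -> list[dict]:
    """Decode the four classic MBR partition entries, skipping unused slots."""
    entries = []
    for i in range(4):
        start = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        entry = sector[start:start + PARTITION_ENTRY_SIZE]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0x00 marks an empty slot
            entries.append({
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sectors,
            })
    return entries


def check_mbr(sector: bytes, baseline_sha256: str) -> list[str]:
    """Return findings for the sector; an empty list means it is intact and matches the baseline."""
    findings = []
    if len(sector) != MBR_SIZE:
        return [f"unexpected sector length {len(sector)}"]
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if not parse_partitions(sector):
        findings.append("partition table has no entries")
    boot_code = sector[:PARTITION_TABLE_OFFSET]
    if all(b == boot_code[0] for b in boot_code):
        findings.append("boot code region is a single repeated byte (wipe pattern)")
    if sector_digest(sector) != baseline_sha256:
        findings.append("sector hash differs from recorded baseline")
    return findings


def build_sample_mbr() -> bytes:
    """Construct a plausible healthy MBR: pseudo boot code, one bootable NTFS partition, signature."""
    boot_code = bytes((i * 37) % 256 for i in range(PARTITION_TABLE_OFFSET))  # constructed filler
    first_entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 409600)         # bootable, type 0x07
    table = first_entry + b"\x00" * (3 * PARTITION_ENTRY_SIZE)                # three empty slots
    return boot_code + table + BOOT_SIGNATURE


def build_tampered_mbr() -> bytes:
    """Healthy sector with one boot-code byte changed: only the baseline hash catches this."""
    healthy = bytearray(build_sample_mbr())
    healthy[100] ^= 0xFF
    return bytes(healthy)


def build_wiped_mbr() -> bytes:
    """Sector overwritten with zeros, the simplest form of the wipe described in the article."""
    return bytes(MBR_SIZE)


if __name__ == "__main__":
    baseline = sector_digest(build_sample_mbr())
    for label, sector in (("healthy", build_sample_mbr()),
                          ("tampered", build_tampered_mbr()),
                          ("wiped", build_wiped_mbr())):
        print(label, check_mbr(sector, baseline) or "OK")
```

On a real host the sector would be read from the block device with administrative privileges (on Linux, for example, `dd if=/dev/sda bs=512 count=1`), and the baseline digest must be stored off the machine, since a wiper that can overwrite sector 0 can just as easily overwrite a file on the same disk. The tampered case is the reason the hash comparison is there: a modified boot loader still carries a valid signature and partition table, so structural checks alone would pass it.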

Jaime Blasco, Labs Director at AlienVault, said that other companies have published information about the wiper payloads, but no one is giving information about how the attackers gained access to the affected networks.

"To execute the payload the attackers would have had to gain access to the companies somehow and execute the wiping routine at the same time in the affected computer," he said.

"If the goal of the attackers was to create panic it means they did not have a specific list of victims."

Blasco added that one of the easiest ways to gain access to several targets without having many resources or skills would be to buy an exploit kit and a malware kit, hack into websites and redirect victims to your malicious infrastructure, "or even better rent a botnet(s) that have access to hundreds of computers and try to find victims inside interesting targets."

Symantec dubbed the same malware the "Jokra Trojan" and said in a separate analysis that it contained a module that could wipe Linux machines as well as Windows ones.

It said in a blog post that while there were currently no indications of the source of this attack or the motivations behind it, "it may be part of either a clandestine attack or the work of nationalistic hacktivists taking issues into their own hands."

According to a Reuters report, LG U+, the company providing internet connectivity to some of the affected companies, said that it believed its network had been hacked.
