The SK Communications breach stole personal details for up to 35 million CyWorld and Nate users after attackers compromised a South Korean software company update server. The supply-chain compromise delivered a trojanized software update that infected mor…
« 2011 »
16 reports
ESTsoft stated that the Nate breach investigation found attackers strategically targeted Nate employee PCs rather than general users of the public ALZip product. When those employee systems updated ALZip, they were redirected to an impersonated update ser…
The SK Communications breach analysis traces a NateOn-themed malware chain that used `nateon.exe` to install `winsvcfs.dll` as a service-based RAT. The loader modified its own PE header so the binary could operate as a DLL, wrote the result under an All U…
McAfee observed a March 2011 DDoS operation against South Korean government, military-related targets, and U.S. Forces Korea, launched from compromised hosts in South Korea. The botnet used a multitier command-and-control architecture with first-tier redi…
The Korean paper compares the March 4, 2011 DDoS attack with the 2009 7.7 DDoS incident through network-forensics analysis. It notes similarities in malware production, botnet construction, and attack rollout, but argues that the two incidents differed mo…
South Korea's 2011 NHBank network outage involved large-scale destruction of server data that disabled some or all services for several days. Investigators said a Korea IBM maintenance employee's laptop was infected after using a web-hard download coupon,…
A Korean prosecution presentation reconstructs the 2011 NongHyup banking disruption as a prepared destructive cyberattack that progressed from website-based malware infection to keylogging, backdoor installation, command-file staging, and execution of fil…
The 2011 presentation analyzes the March 4 DDoS activity and response, with packet observations showing HTTP GET requests to the root path, Cache-Control values such as no-store and must-revalidate, Proxy-Connection Keep-Alive, rotating Accept and User-Ag…
Symantec describes Trojan.Koredos activity behind DDoS attacks against South Korean websites and compares the campaign to the July 2009 attacks on U.S. and South Korean government, financial and media sites. Unlike botnets that wait for live C2 instructio…
Inca Internet analyzed malware samples tied to the March 2011 Korean DDoS incident, where attackers compromised webhard service update or installer servers and replaced legitimate modules with malicious downloaders. Infected systems downloaded additional …
The excerpt details the 3.3 DDoS incident in South Korea and states that the attacker and backing group were not identified. Malware operators abused update modules at four webhard services—Sharebox, Superdown, Bobofile, and Filecity—so users receiving up…
South Korean government reporting said the March 4 DDoS attacks used an estimated 77,207 zombie PCs after removing duplicate IPs across three attack waves. The second wave alone involved 51,434 infected machines, exceeding the peak size of the comparable …
ESTsoft analyzed the March 3 DDoS malware incident that disrupted about 40 public-sector, portal, shopping, finance, power, and transport sites in South Korea and abroad. The malware was distributed through compromised update servers at five Korean webhar…
Inca Internet reported a March 2011 DDoS campaign against major South Korean websites that used malware distributed through a domestic webhard service to turn many user systems into zombie PCs. The malware interfered with antivirus engine and pattern upda…
The March 2011 South Korea DDoS incident began with compromised web-hard update mechanisms, including Sharebox and later similar file-distribution services such as Bobofile and Filecity, which rapidly pushed malicious update binaries to users. The malware…