KISA/KRCERT's 2013 Internet & Security Focus article reviews major South Korean Internet incidents from 2003 through 2013, including Slammer worm disruption, identity-theft and large-scale personal-data breaches, the 7.7 DDoS attacks, the 3.4 DDoS campaig…
2013
31 reports
Kaspersky describes Icefog as an interactive APT backdoor set active since at least 2011, targeting mostly Japan and South Korea across government, military contractor, maritime, shipbuilding, telecom, industrial, high-tech, and media organizations. The c…
ASEC reviewed malware samples associated with Kaspersky's Kimsuky operation and found that related variants had been observed as early as 2009, with renewed activity and multiple variants appearing from June 2013 through September 2013. The activity targe…
Kimsuky Operation is described as a suspected North Korea-linked cyber-espionage campaign targeting South Korean organizations including the Sejong Institute, KIDA, the Ministry of Unification, Hyundai Marine & Fire Insurance, and a reunification-focused …
Kaspersky described a months-long cyber-espionage campaign, named the Kimsuky operation, targeting South Korean think tanks, defense policy bodies, the Ministry of Unification, Hyundai Merchant Marine, and related organizations. The malware used Korean-la…
The 6.25 DNS DDoS malware used compromised Simdisk distribution infrastructure to infect PCs and redirect DNS amplification traffic toward South Korean government DNS servers. The report, based on Fortinet's analysis, says the SimDisk_setup.exe package dr…
South Korea's Ministry of Science, ICT and Future Planning said the June 25 cyberattack against the Blue House, the Office for Government Policy Coordination, media servers, and other sites matched previously observed North Korean hacking methods. Investi…
AhnLab’s analysis of the June 25, 2013 cyberattack describes DDoS activity against South Korean government and media-related targets beginning at 10:00 local time. One attack path used malware distributed through modified webhard installer and update file…
McAfee Labs links the March 20, 2013 Dark Seoul disruption to a longer Operation Troy espionage campaign against South Korean targets rather than a standalone wiping incident. The report says attackers likely gained remote access before the attack through…
ASEC analyzed malware built to conduct DDoS attacks against South Korean government websites at 10:00 on June 25 and also found related malware designed to destroy hard disks. The RDPSHELLEX.EXE sample checks for prior infection with a mutex, installs as …
FireEye's 6.25 Cyber Attack Analysis Report describes the June 25, 2013 campaign in which attackers modified a web-hard installer to distribute malware, build a botnet, and trigger DDoS activity at a scheduled time. The report says the malware used Themid…
The excerpt describes a June 2013 incident wave in South Korea that disrupted government, political, military, and media sites, including outages, defacements, and publication of personal data allegedly taken from government-related systems. It reports th…
Symantec linked a June 25 DDoS attack against South Korean government websites to the DarkSeoul gang and Trojan.Castov, placing it in a four-year pattern of attacks against South Korea. The report connects DarkSeoul to earlier destructive activity, includ…
Fortinet Korea's 6.25 DNS DDoS report attributes the June 25 disruption of South Korean government sites to malware that abused infected hosts to attack the government DNS servers ns.gcc.go.kr and ns2.gcc.go.kr. The initial sample was downloaded from simd…
Malware.lu CERT and itrust analyzed a suspicious PDF named “Draft response letter Slovenia.pdf” that they identify as KimJongRAT/Stealer after it was uploaded to malwr.com in May 2013. The document describes a PDF exploit that deploys sysninit.ocx and a l…