Symantec observed the Gongda exploit kit, which was mainly targeting South Korea, delivering Castov malware against specific South Korean financial companies and their customers. The initial Delphi-compiled stage can stop antivirus software, report the in…
2013
31 reports
The excerpt is a sample catalog rather than a full malware analysis, grouping related tools by PDB/debug strings: Concealment Troy, Http Dr0pper, Http Troy, PDF Exploit, TDrop, and additional package parts. It records PE timestamps from 2011-2013, MD5 has…
IssueMakersLab attributed the March 20 attacks on South Korean broadcasters and banks to a hacker group it said had conducted a long-running campaign against South Korea since 2007. The report connected the March 2013 activity to earlier operations throug…
A South Korean joint civilian-government-military investigation linked the March 2013 broadcast and financial-sector destructive attacks to methods previously associated with North Korean operations, while describing the attribution as based on accumulate…
The March 2013 Dark South Korea attack disrupted South Korean banks and broadcasters including KBS, MBC, YTN, Nonghyup, Shinhan, and Cheju, with roughly 47,800 systems reported impacted. The excerpt separates the activity into wiper, drop-and-wipe, drop-a…
Symantec connects the 2013 Trojan.Jokra activity against South Korea with earlier 2009 and 2011 destructive campaigns by comparing malware families and supporting artifacts. Trojan.Jokra overwrote the MBR and disk contents, including mapped network drives…
DarkSeoul is described as a cyber threat report requiring defender review of the published evidence. The source discusses attacker tradecraft, victim targeting, malware or infrastructure references, and operational context that may affect detection engine…
The Japanese roundup compiles government, media, vendor, and independent reporting on the March 2013 South Korean cyberattack that disrupted financial institutions and broadcasters and affected tens of thousands of PCs and servers. It describes destructiv…
WOWHACKER Group analyzed malware used in the March 20, 2013 South Korea cyberattack. The binary dynamically loads Windows libraries and APIs, checks for a file mapping marker to avoid repeat execution, kills security-related processes such as pasvc.exe an…
Dell SecureWorks analyzed destructive Wiper malware used in the March 20, 2013 attacks that disrupted South Korean broadcasters, banks, and other financial-sector systems. The dropper extracted Windows wiper components, PuTTY SSH/SCP binaries, and a Unix …
Symantec reported that South Korean banks and local broadcasting organizations were disrupted by a cyberattack that included ISP defacement and server outages. The defacement showed an animated page with three skulls and a message from actors calling them…
Multiple South Korean banks and broadcasting organizations were hit by loud defacement activity attributed in the source to attackers using the handle “Whois Team.” The defacement code exposed several whois.com-themed email aliases used by the attackers, …
SophosLabs identified the malware used in the March 2013 disruption of South Korean banks and broadcasters, where Shinhan, NongHyup, KBS, MBC, and YTN systems were reportedly affected. The malware, detected as Mal/EncPk-ACE and dubbed DarkSeoul, attempted…
South Korean financial institutions, broadcasters, media sites, and North Korea-related organizations were hit by destructive malware and website defacements beginning around 14:00 on March 20, 2013. The malware family used droppers and downloaders that i…
South Korean police attributed the June 2012 JoongAng Ilbo intrusion to North Korean-linked activity after examining compromised newspaper production systems, security logs, six malware samples, and domestic and overseas relay servers. The attacker using …