3.3 DDoS Attack Report

2011-03-07 Hauri

https://www.chungbuk.ac.kr/resource/DATA/board/201103/hA0Kq1299454833075.pdf

Attachments

hA0Kq1299454833075.pdf (169 KB)

The excerpt details the 3.3 DDoS incident in South Korea and states that the attacker and backing group were not identified. Malware operators abused update modules at four webhard services—Sharebox, Superdown, Bobofile, and Filecity—so users receiving updates became zombie PCs under attacker command. The infected hosts were used for DDoS attacks against public, government, and financial websites, and some variants also destroyed hard disks by damaging the MBR and deleting physical disk information after configured delays. The response included repeated antivirus updates, KISA dedicated vaccine releases, monitoring for C2 command changes, and public guidance to reduce DDoS and disk-destruction damage.
