Destover: Destructive malware has links to attacks on South Korea

2014-12-04 Symantec

https://www.symantec.com/connect/blogs/destover-destructive-malware-has-links-attacks-south-korea

Symantec linked Backdoor.Destover, the destructive malware highlighted in an FBI Flash Warning, to earlier South Korea-focused activity through shared infrastructure and tradecraft. Some Destover samples reported to a command-and-control server also used by a Korean-targeted Trojan.Volgmer variant that only ran on systems whose region was set to Korea, suggesting possible operator overlap. The report also notes similarities with the 2013 Jokra attacks against South Korean banks, broadcasters, and a telecom site, including delayed wiping behavior and overlapping component/file-name patterns, while cautioning that hard proof of a direct link was not available and copycat activity remained possible. Destover’s payload could delete files on fixed and remote drives, modify the partition table, install an additional backdoor module, connect to ports 8080 and 8000, and display an extortion-style message via a port-80 backdoor.
