Tracing the Lineage of DarkSeoul
2015-11-20 • GIAC
https://www.giac.org/paper/gsec/31524/tracing-lineage-darkseoul/126346
GIAC’s DarkSeoul case study describes destructive malware that crippled tens of thousands of South Korean banking and media-sector systems, wiping Windows and Unix-like hosts and disrupting ATMs, payment terminals, and mobile banking. The paper says South Korean authorities publicly attributed the attacks to North Korea, while researchers reached the same conclusion by tracing code commonalities and malware lineage across earlier South Korea-focused intrusions. The delivery discussion identifies AhnLab patch-management software as one reported vector, underscoring how trusted administration channels and prior intrusion access can amplify destructive impact.