South Korean Banks and Broadcasting Organizations Suffer Major Damage from Cyber Attack

March 21, 2013

SOURCE: Symantec

It has been reported in the media that several South Korean banks and local broadcasting organizations have been impacted by a cyber attack.

The attack included the defacement of a Korean ISP/telecoms provider and also the crippling of servers belonging to a number of organizations.

The defacement displays an elaborate animated Web page with sound effects, showing three skulls and a message from the claimed attackers, who call themselves the “Whois” team.

The attack was first noticed when a number of websites began to experience problems. Customers of banks could not access their online accounts, and reports of other sites being down began to surface. While specific details are not known at this time, it has been reported that a number of affected sites had their hard drives wiped, leaving the affected computers in a crippled state.

Symantec detects the suspected malware as Trojan Horse/Trojan.Jokra and WS.Reputation.1.

We are currently performing detailed analysis of the threat. At this time, we can confirm that the malware performs the following actions:

- Creates a file mapping object to reference itself using the name: JO840112-CRAS8468-11150923-PCI8273V

- Ends two processes relating to local antivirus/security product vendors: pasvc.exe and clisvc.exe

- Enumerates all drives and begins to overwrite the MBR and any data stored on each drive by writing either the string “PRINCIPES” or “HASTATI.” (note the period at the end of the second string). This will wipe all contents of the hard disk.

- The threat may also attempt to perform the same wiping actions on any drives attached or mapped to the compromised computer.

- Forces the computer to restart by executing “shutdown -r -t 0”, which renders the computer unusable because the MBR and the contents of the drive are now missing.
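For responders triaging a raw disk image, the sketch below checks sector 0 for the standard 0x55AA boot signature and for the two overwrite strings listed above. It is an added example, not Symantec's code; the 512-byte sector size, the function names and the sample images are assumptions constructed for illustration.

```python
"""Triage the first sectors of a raw disk image for the wipe markers listed above."""

SECTOR = 512                            # assumption: classic 512-byte sectors
MARKERS = (b"PRINCIPES", b"HASTATI.")   # overwrite strings named in the article
BOOT_SIG = b"\x55\xaa"                  # MBR boot signature at offset 510


def classify_mbr(image: bytes) -> str:
    """Return 'intact', 'wiped', 'suspicious' or 'unknown' for sector 0."""
    if len(image) < SECTOR:
        raise ValueError("need at least one full 512-byte sector")
    sector0 = image[:SECTOR]
    sig_ok = sector0[510:512] == BOOT_SIG
    marker_hit = any(m in sector0 for m in MARKERS)
    if marker_hit and not sig_ok:
        return "wiped"        # marker present and boot signature destroyed
    if marker_hit:
        return "suspicious"   # marker present but signature survived
    return "intact" if sig_ok else "unknown"


def marked_sectors(image: bytes, limit: int = 2048) -> list:
    """Sector numbers (within the first `limit`) that contain a marker."""
    hits = []
    for n in range(min(limit, len(image) // SECTOR)):
        chunk = image[n * SECTOR:(n + 1) * SECTOR]
        if any(m in chunk for m in MARKERS):
            hits.append(n)
    return hits


def _fill(marker: bytes, size: int) -> bytes:
    """Constructed test data: `size` bytes of a repeated marker."""
    return (marker * (size // len(marker) + 1))[:size]


# Constructed sample images, not taken from a real incident.
HEALTHY = bytes(446) + b"\x80" + bytes(63) + BOOT_SIG + bytes(SECTOR)
WIPED = _fill(b"HASTATI.", SECTOR * 2) + bytes(SECTOR)
WIPED_ALT = _fill(b"PRINCIPES", SECTOR)

if __name__ == "__main__":
    for name, img in (("healthy", HEALTHY), ("wiped", WIPED), ("alt", WIPED_ALT)):
        print(name, classify_mbr(img), marked_sectors(img))
```

Run it against a read-only forensic copy of the disk rather than the live device; a "wiped" verdict on sector 0 together with a long run of marked sectors matches the behavior described in the list above.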

The results of the disk wiping actions are consistent with the major outages reported in that region. Disk wiping is not a new activity; in a separate incident in August 2012, a number of Middle Eastern organizations were hit by the W32.Disttrack (Shamoon) threat, which caused similar damage by wiping hard disks.

There are currently no indications of the source of this attack or how the attackers infiltrated the affected parties. The real motives of the attack are also unclear, but political tensions on the Korean peninsula have been ramping up in recent times, and these attacks may be either part of a clandestine attack or the work of nationalistic hacktivists taking matters into their own hands.
