Nation state attack

Theories Abound on Wiper Malware Attack Against South Korea

Disruptions to businesses in South Korea continue today after hackers used wiper malware to take a number of banks and television networks offline yesterday. A number of financial systems at a half-dozen banks and production systems inside South Korea’s major television networks remain down, kicking off speculation as to who is behind the attacks and how they got in.

Why Watering Hole Attacks Work

Information security is littered with bad analogies, and none sounds sillier than a watering hole attack, which plays off the tactic that dominant predators use when stalking food: rather than chase their prey, a lion waits at a watering hole for the prey to come to it. Attackers are doing the same thing with a great degree of success. Rather than running a spear phishing email campaign to lure targets to them, they compromise legitimate sites of common interest to their targets, then silently redirect visitors to exploit kits, malware and more badness.
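The pattern above leaves a recognizable trace in web proxy logs: a site many staff visit starts pulling a script from a domain nobody has ever seen, every request to that domain carries the trusted site as its Referer, and several different internal clients make the same request. The following is an added example, not code from Threatpost or from any vendor, that runs that triage logic over a handful of constructed proxy log lines; the hosts, the baseline set, the line format and the `min_clients` threshold are all assumptions made for the illustration.

```python
"""Flag watering-hole style redirects in web proxy logs (added example).

A compromised site that many staff visit silently loads a script from an
attacker-controlled domain.  In proxy logs that shows up as a destination
host that (a) is absent from the organisation's baseline, (b) is never
visited directly, (c) is always reached with the same trusted site as the
Referer, and (d) is hit by several distinct internal clients.  The baseline
set, the log format and the log lines below are constructed for the example.
"""
from collections import defaultdict
from urllib.parse import urlparse

# Constructed baseline: hosts the organisation already knows about.
# In practice this is built from weeks of earlier proxy logs.
KNOWN_HOSTS = {
    "www.example-trade-council.org",
    "cdn.example.net",
    "www.search-example.com",
}

# Constructed proxy log lines, one per request:
#   "<timestamp> <client> <method> <url> <referer or -> <status>"
SAMPLE_LOG = """\
2013-03-20T09:01:02 10.0.1.11 GET http://www.example-trade-council.org/news.html - 200
2013-03-20T09:01:03 10.0.1.11 GET http://cdn.example.net/jquery.js http://www.example-trade-council.org/news.html 200
2013-03-20T09:01:03 10.0.1.11 GET http://stats-collect.invalid/s.js http://www.example-trade-council.org/news.html 200
2013-03-20T09:01:04 10.0.1.11 GET http://pixel-example.invalid/p.gif http://www.example-trade-council.org/news.html 200
2013-03-20T09:04:40 10.0.1.23 GET http://www.example-trade-council.org/news.html - 200
2013-03-20T09:04:41 10.0.1.23 GET http://stats-collect.invalid/s.js http://www.example-trade-council.org/news.html 200
2013-03-20T09:04:42 10.0.1.23 GET http://stats-collect.invalid/load.php?id=7 http://stats-collect.invalid/s.js 200
2013-03-20T09:10:15 10.0.1.57 GET http://www.example-trade-council.org/news.html - 200
2013-03-20T09:10:16 10.0.1.57 GET http://stats-collect.invalid/s.js http://www.example-trade-council.org/news.html 200
2013-03-20T09:12:00 10.0.1.88 GET http://www.search-example.com/?q=lunch - 200
2013-03-20T09:12:01 10.0.1.88 GET http://pixel-example.invalid/p.gif http://www.search-example.com/ 200
2013-03-20T09:15:00 10.0.1.88 GET http://news-example.invalid/ - 200
"""


def parse_line(line):
    """Split one constructed proxy log line into its six fields."""
    ts, client, method, url, referer, status = line.split()
    return {
        "ts": ts,
        "client": client,
        "method": method,
        "url": url,
        "referer": None if referer == "-" else referer,
        "status": int(status),
    }


def host_of(url):
    """Hostname part of a URL, or '' if it cannot be parsed."""
    return urlparse(url).hostname or ""


def find_watering_hole_redirects(log_text, known_hosts, min_clients=3):
    """Return sorted (suspect_host, referrer_host, clients) tuples.

    A host is reported only if it is outside the baseline, nobody reached it
    without a Referer, every cross-site Referer names the same host, and at
    least ``min_clients`` distinct clients fetched something from it.
    """
    clients = defaultdict(set)    # dest host -> clients that reached it
    referrers = defaultdict(set)  # dest host -> distinct cross-site referrer hosts
    direct = set()                # dest hosts somebody visited with no Referer

    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        dest = host_of(rec["url"])
        if dest in known_hosts:
            continue
        clients[dest].add(rec["client"])
        if rec["referer"] is None:
            direct.add(dest)
            continue
        ref = host_of(rec["referer"])
        if ref != dest:  # same-host follow-on requests (second stage) are not a redirect source
            referrers[dest].add(ref)

    findings = []
    for dest, refs in referrers.items():
        if dest in direct or len(refs) != 1:
            continue
        if len(clients[dest]) < min_clients:
            continue
        (ref,) = refs
        findings.append((dest, ref, sorted(clients[dest])))
    return sorted(findings)


if __name__ == "__main__":
    for dest, ref, who in find_watering_hole_redirects(SAMPLE_LOG, KNOWN_HOSTS):
        print(f"{dest} loaded only via {ref} by {len(who)} clients: {', '.join(who)}")
```

On the sample data only `stats-collect.invalid` is reported: three clients reach it, always from the trade council site, and nobody visits it directly. `pixel-example.invalid` is not reported because two different sites refer to it, and `news-example.invalid` is not reported because it was visited directly. Two caveats apply in production: a legitimate third-party script that is missing from the baseline produces exactly the same signature, so a hit is a lead to pull the referenced page and inspect what it loads, not proof of compromise; and browsers strip or truncate the Referer for HTTPS-to-HTTP navigations and under restrictive referrer policies, which makes the "never visited directly" test weaker than it looks.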

For five years, it hid in the weeds of networks used by Eastern European diplomats, government employees and scientific research organizations, stealing data and infecting more machines in an espionage campaign rivaling Flame and others of its ilk. The campaign, called Rocra or Red October by researchers at Kaspersky Lab, targeted not only workstations but also mobile devices and networking gear to gain a foothold inside strategic organizations. Once inside, the attackers pivoted internally and stole everything from files on desktops, smartphones and FTP servers to email databases, using exploits developed in China and Russian-made malware, Kaspersky researchers said.
