1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hacking group that hit South Korea may be at it again with new target

Discussion in 'Network World' started by RSS, Nov 19, 2015.

  1. RSS

    RSS New Member Member

    A hacking group that crippled South Korean banks, government websites and news agencies in early 2013 may be active again, Palo Alto Networks said Wednesday.

    The firewall maker said it found strong similarities between malware used in a recent attack in Europe and that used in the South Korean attacks, referred to as Dark Seoul and Operation Troy.

    The organization in Europe that was attacked was likely a victim of spear-phishing, where an email with a malware attachment or a harmful link is sent to hand-picked employees.

    The malware had been wrapped into legitimate video player software that was hosted by an industrial control systems company, wrote Bryan Lee and Josh Grunzweig of Palo Alto in a blog post. The code appears to be the same as the malware used in the Dark Seoul attacks although without the destructive component that wipes hard drives.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page