North Korea Believed to Have Targeted South with Espionage Attack
Security researchers at Kaspersky Lab have just revealed an espionage campaign that is believed to have originated in North Korea and that aimed attacks at many military and government departments of South Korea.
The anti-virus software provider Kaspersky Lab said that the spying campaign, named "Kimsuky," used malware to steal sensitive data belonging to the departments, and that its researchers had tracked the malicious program over many months.
The attacks targeted 11 organizations in all, among them the Korea Institute for Defense Analyses, the Sejong Institute, an NGO named the Supporters of Korean Unification, Hyundai Merchant Marine and South Korea's Ministry of Unification.
Kaspersky Lab expert Dmitry Tarakanov said that the espionage campaign was extremely narrow and highly personalized, which was partly why the way the malware was disseminated had not been identified. The malicious samples discovered were initial-stage malware of the kind usually installed through spear-phishing e-mails, he added. Itpro.co.uk published this on September 12, 2013.
The malware records users' keystrokes, collects directory listings, provides remote-control access to machines, and steals HWP documents, the files of the South Korean word processor that is part of the Hancom Office package, which regional government agencies use extensively. Further, the malware disables only the security programs provided by AhnLab, a renowned security company in South Korea.
Kaspersky found that the attackers used a free Bulgarian e-mail service to send instructions to their malware. Two e-mail addresses associated with the attack were found, namely email@example.com and firstname.lastname@example.org, which were registered as "Kim asdfa" or "Kimsukyang," as in Kimsuky.
Elsewhere, Tarakanov stated that this could imply that North Korea was involved, as could the campaign's ten Internet Protocol addresses, which were based in the Chinese regions of Liaoning and Jilin, extremely near North Korea. Techweekeurope.co.uk published this on September 12, 2013.
Tarakanov added that the ISPs serving those regions were also understood to maintain routes to North Korea.
And while this is the latest attack on South Korea from the North, the North too has been claiming attacks against it from the South.
» SPAMfighter News - 20-09-2013