North Korea Probably Main Architect of Cyberattacks in South Korea

Security firm FireEye recently said that North Korea is apparently behind all cyberattacks which have exploited a word processing program mostly used in South Korea.

Hangul Word Processor (HWP), a proprietary program, is mainly used in the South by the government and public institutions.

Hancom, the developer of Hangul Word Processor, patched the vulnerability, CVE-2015-6585, on 7th September, 2015.

The conclusion of FireEye is interesting because only few attacks have been publicly attributed to this secretive nation which is known to have well-developed cyber capabilities.

One of the most important instances was the destructing attack in November 2014 against Sony Pictures which lost sensitive corporate data and email and caused many of its computers inoperable.

In a rare move, FBI analysed the malware and blamed North Korea for developing and using it to hack Sony and in other attacks.

FireEye States: "Without concluding, targeting proprietary word processing software of South Korea strongly suggests a specific interest in South Korean targets and FireEye Intelligence assesses, based on code similarities and infrastructure overlap that this activity may be associated with threat actors based at North Korea."

For example, one of the hardcoded command and control (C&C) IP addresses was used before by a variant of backdoor called "Macktruck". This malware was compiled in April 2015 which was seen in attacks probably launched by threat actors of North Korea.

Another example is the similarity between Hangman's functions and functions used by other malware families linked to North Korean groups like "Peachpit" backdoor. A function incorporated in both these threats seems to be exclusive suggesting Hangman and Peachpit were created by the same developer or at least they share code.

Very frequently, North Korea is the main suspect for cyberattacks targeted at South Korean entities. In March 2014, North Korea was charged for attempting to steal data from the defense ministry of South Korea and later on in the same year, National Intelligence Service of South Korea reported that North Korea had tried to hack more than 20,000 smartphones. Most recently, North Korea was charged for cyberattacks targeting nuclear power plant operator of South Korea.

» SPAMfighter News - 9/23/2015