Hackers used stolen credentials in South Korean cyber attack


We reported last week on how multiple financial institutions and television stations in South Korea were knocked offline by destructive malware.

With more than 32,000 servers hit, reports on various websites claimed that the malware had eluded detection by security software from South Korea-based AhnLab; others said that the attackers had used AhnLab's own servers to launch the attack.

That is not true, according to AhnLab, which denied that security holes in any of its products were used to deliver the malicious code. Instead, the company says the unidentified attackers used stolen IDs and passwords to launch some of the attacks, including by abusing the existing mechanisms for delivering new software and security updates.

"The credentials were used to gain access to individual patch management systems located on the affected networks," wrote the company in an email. "Once the attackers had access to the patch management system they used it to distribute the malware much like the system distributes new software and software updates."
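
The abuse AhnLab describes is hard to catch with malware signatures alone, because the rogue package travels through the same channel as legitimate updates under a valid login. What a defender can check instead is whether each push looks like the patch server's normal behaviour. The following is an added example, not code from the article or from AhnLab: it assumes the patch server records, per push, the operator account, the address the operator connected from, the package digest and the number of target hosts (a constructed record format; real products log differently), and flags pushes on three independent signals: an unapproved package hash, an operator session from outside its usual source addresses, and a mass deployment outside the maintenance window. All sample records, hashes, baselines and thresholds are constructed.

```python
"""
Hypothetical anomaly check for a patch-management server's push log.

Added example, not code from the article or from AhnLab. The record
format, field names, sample lines, allowlist and baselines below are all
constructed for illustration; real patch servers log differently.
"""
from dataclasses import dataclass
from datetime import datetime, time


@dataclass
class Push:
    """One package push issued through the patch server (constructed schema)."""
    ts: datetime
    operator: str
    source_ip: str
    package: str
    sha256: str
    targets: int


# Constructed sample log. Fields: timestamp | operator | operator source IP |
# package | package SHA-256 (shortened placeholders) | number of target hosts.
SAMPLE_LOG = """
2024-05-06T02:10:05 | svc_patch | 10.1.1.20    | monthly-rollup.msp | 1a2b3c4d5e6f | 120
2024-05-06T02:30:00 | svc_patch | 10.1.1.21    | av-signatures.pkg  | 7788990011aa | 1500
2024-05-07T14:02:41 | svc_patch | 198.51.100.7 | rogue-update.exe   | deadbeefcafe | 4100
2024-05-07T14:03:10 | svc_patch | 198.51.100.7 | rogue-update.exe   | deadbeefcafe | 300
"""

# Digests of packages that went through change control (constructed).
APPROVED_HASHES = {"1a2b3c4d5e6f", "7788990011aa"}

# Where each operator account normally connects from (constructed baseline).
BASELINE_SOURCES = {"svc_patch": {"10.1.1.20", "10.1.1.21"}}

# Routine pushes happen between 01:00 and 04:00 local time (assumption).
MAINTENANCE_WINDOW = (time(1, 0), time(4, 0))

# A push to this many hosts or more counts as a mass deployment (assumption).
MASS_THRESHOLD = 500


def parse_log(text):
    """Parse the pipe-separated records into Push objects, skipping blank lines."""
    pushes = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, operator, ip, pkg, digest, n = (f.strip() for f in line.split("|"))
        pushes.append(Push(datetime.fromisoformat(ts), operator, ip, pkg,
                           digest.lower(), int(n)))
    return pushes


def in_window(ts, start, end):
    """True if ts falls inside [start, end) by time of day; handles windows crossing midnight."""
    t = ts.time()
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def find_suspicious_pushes(pushes, approved, baseline, window, mass_threshold):
    """Return [(push, [reasons])] for every push that trips at least one rule.

    The rules are independent, so a push made with a stolen but otherwise
    valid credential still trips the package-hash and source-address checks:
      1. the package digest is not on the approved list
      2. the operator's session came from an address outside its baseline
      3. a mass deployment was pushed outside the maintenance window
    """
    findings = []
    for p in pushes:
        reasons = []
        if p.sha256 not in approved:
            reasons.append(f"package {p.package} ({p.sha256}) is not an approved build")
        if p.source_ip not in baseline.get(p.operator, set()):
            reasons.append(f"operator {p.operator} connected from unexpected source {p.source_ip}")
        if p.targets >= mass_threshold and not in_window(p.ts, *window):
            reasons.append(f"mass push to {p.targets} hosts outside the maintenance window")
        if reasons:
            findings.append((p, reasons))
    return findings


def run_example():
    """Run the three rules over the constructed log and return the findings."""
    return find_suspicious_pushes(parse_log(SAMPLE_LOG), APPROVED_HASHES,
                                  BASELINE_SOURCES, MAINTENANCE_WINDOW, MASS_THRESHOLD)


if __name__ == "__main__":
    for push, reasons in run_example():
        print(f"{push.ts.isoformat()} {push.operator} -> {push.package} ({push.targets} hosts)")
        for r in reasons:
            print("   ", r)
```

On the constructed log, the two routine pushes pass and both pushes of rogue-update.exe are flagged; the first trips all three rules, the second only the hash and source rules because it targets fewer hosts than the mass threshold. The package-hash check is the one that holds up best when an attacker already owns a valid operator account, since it depends on change-control records rather than on who logged in.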

Regardless of how the various malware samples got onto the South Korean networks, the lack of a financial motive suggests a state-sponsored origin. Logic bombs found in some of the samples also helped ensure maximum disruption: rather than acting on arrival, the payloads fired on a trigger, so a large number of systems crashed within a very short period of time.

For more:
- check out this article at InformationWeek
