S. Korea Says Cyber Attack From North Wiped 48,700 Machines

Posted by Unknown on Wednesday April 10, 2013 @02:12AM from the retaliation-will-be-swift-and-ineffective dept.

wiredmikey writes "An official investigation into a major cyber attack on South Korean banks and broadcasters last month has determined that North Korea's military intelligence agency was responsible. An investigation into access records and the malware used in the attack pointed to the North's military Reconnaissance General Bureau as the source, the Korea Internet and Security Agency (KISA) said on Wednesday. To spread the malware, the attackers went through 49 different places in 10 countries including South Korea, the investigation found. The attacks used malware that can wipe the contents of a computer's hard disk (including Linux machines) and damaged 48,700 machines including PCs, ATMs, and servers."

2 of 186 comments (clear)

Min score:

Reason:

Sort:

The Scoop by camperdave · 2013-04-10 02:22 · Score: 5, Informative

Symantec has an analysis of the linux component. It relies on extracting a history of ssh connections from windows machines from an application called mRemote, an open source, multi-protocol remote connections manager.

--
When our name is on the back of your car, we're behind you all the way!
1. Re:The Scoop by iggymanz · 2013-04-10 02:29 · Score: 5, Informative
  
  more accurately, it checks for parameters of any ssh connection *with root privileges*. everyone see the problem there? every owner of every machine that fell to the n. korean attack richly deserved what they got. piss poor security will bite one in the ass.