Crossroads Blog | Institute National Security and Counterterrorism

cyber attack, terrorism

S. Korea comes under cyberattack, eyes N. Korea; wiper malware involved?

I’m sure you’ve already seen the news, but early this morning, reports started leaking out that computer networks in South Korea were crashing.  The AP (via the Washington Post) reported that “[c]omputer networks at major South Korean banks and top TV broadcasters crashed en masse Wednesday, paralyzing bank machines across the country and prompting speculation of a cyberattack by North Korea.”  Interestingly, the S. Koreans reported that whomever was behind the attack began displaying skulls on their computer screens.  The article noted that “Pyongyang was likely to blame,” though it’s still uncertain.

***

One of Kaspersky’s Lab Experts (via a blogpost on SecureList) began to analyze the news and the code behind the defacements.  I thought this was pretty significant:

The screenshots from victim’s computers indicate [that a] “Wiper” type of malware was also used. We have previously written about two other “Wiper”-style malwares: Iranian Wiper and Shamoon.

 

This could be very dangerous if it’s similar to Shamoon.

From the same SecureList blog post, here’s what the defacements looked like:

 

208194184

***

Here’s a NkNews.Org article purporting to show the aforementioned screenshots of wiped operating systems.  From the same article, a Youtube video of the above defacement.  They sure have a flair for the dramatic . . .

***

The S. Korean response, from The Guardian:


Leave a Reply

Bitnami