March Attack On South Korea Might Have Been A Test Run, Researchers Say

Published : 22/11/2024   Category : security




Sophisticated attack was likely perpetrated by the same group that hit the country in 2009, McAfee report says



A cyberattack that affected the South Korean government and 40 affiliated sites might have been the work of North Korea, researchers said yesterday.
In a blog and report posted Tuesday, McAfee researchers suggested that the March attack bears strong similarities to the attack made on South Korea in July 2009, but is significantly more sophisticated.
Fourteen of the targets were the same as in the 2009 attacks, but nearly all of the U.S.-based targets -- such as the White House, State Department, FAA, and FTC -- were removed from the target list, the blog states. The modus operandi of the attacks was identical and unusually destructive for typical botnet attacks: the botnet, based in South Korea, was dynamically updated via new malware binaries, launched a relentless DDoS for slightly over a week, and then destroyed the machines it was deployed on.
The March 2011 attack was much more sophisticated, the researchers say: In fact, it was analogous to bringing a Lamborghini to a go-cart race.
McAfee says that multiple encryption algorithms, such as AES, RC4, and RSA, were used to obfuscate numerous parts of the code and configuration of the March attack. More than 40 globally distributed multi-tier command and control servers were used to dynamically update the malware and its configurations in a fashion designed to be highly resilient against takedowns, the researchers say.
Why would such sophistication be used in a simple DDoS attack? We believe this incident -- which we estimate has a 95 percent chance of being perpetrated by the same actors as the July 4th 2009 attacks -- has very clear anti-Korean and anti-U.S. political motivations and is potentially even more insidious, the blog states. This may very well have been a test, an armed cyber reconnaissance operation of sorts, perhaps conducted by the North Korean military as the South Korean National Intelligence Agency has asserted, to test the defenses -- and more importantly, the reaction time of the Korean government and civilian networks -- to a well-organized and highly obfuscated attack.
A detailed report (PDF) offers a look at the target websites, the methodology of the DDoS attack, and specifics on the cryptographic algorithms used to obfuscate the attack.