Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label South Korea. Show all posts
South Korea
Cyber Attacks CyberCrime Cybersecruity DPRK Global Authorities North Korea South Korea

Global Authorities Examine 58 Cyberattacks Linked to North Korea, Valued at $3 Billion

 


North Korean sanctions monitors have been investigating dozens of possible cyberattacks by the regime, which are believed to have raised $3 billion to fuel the state's nuclear weapons program, according to excerpts released from an unpublished report by the UN. 

In the executive summary of a new report submitted to the United Nations Security Council obtained Friday by The Associated Press, a panel of experts stated that the number of cyberattacks by North Korean hacking groups that report to the Reconnaissance General Bureau, North Korea’s primary foreign intelligence organization, is continuing to be high. 

This report covers the period from July 2023 to January 2024, and it is based on contributions made by unidentified United Nations representatives. A report sent to the council of 15 nations, compiled from member nations and other sources, was sent in response to the high tensions in the region caused by North Korean leader Kim Jong Un. 

As a result, the United States, South Korea, and Japan have increased their combined military exercises in response to his threat to destroy South Korea if provoked and escalating weapons demonstrations. He threatened to annihilate South Korea if provoked by an escalation of weapons demonstrations. Amid the increased military and political tensions on the Korean Peninsula, the experts said North Korea “continued to flout (U.N.) sanctions,” further developed its nuclear weapons, and produced nuclear fissile materials – the weapons’ key ingredients. 

There was no doubt that the light-water reactor at North Korea's main nuclear complex at Yongbyon appeared to be operational, according to the experts. Despite suspicions that the North may use it as a new source of fissile materials for nuclear weapons, the South Korean defence minister said in late December that the reactor is likely to become operational by the summer. 

A 5-megawatt reactor near Yongbyon, the country that possesses the world's largest nuclear capacity, has been producing weapons-grade plutonium for many years. As an additional source of bomb fuel, this light-water reactor would be a useful addition to the arsenal, and observers have pointed out that, with its larger capacity, it can produce more plutonium. 

Furthermore, Yongbyon has its own facility for enriching uranium, which can enrich uranium up to 99%. According to the panel, North Korea is likely preparing to conduct its seventh nuclear test from Punggye-ri, which would mark the first nuclear test conducted there since 2017. The panel said it has been working on monitoring activities at the nuclear test site. 

It has been estimated that North Korea has nuclear weapons in the range of 20-60 (or more than 100, depending on who is doing the counting) to more than 100. North Korea is thought to be capable of adding between six and 18 bombs per year, according to experts. Kim Jong Un has repeatedly made a promise to build more nuclear weapons and introduce high-technology weapons to deal with what he calls intensifying U.S. hostility since his diplomacy with the U.S. collapsed in 2019. 

According to the panel, at least seven ballistic missiles were launched by the Democratic People's Republic of Korea during the six months that ended in January, including one intercontinental ballistic missile, one intermediate-range missile, and five short-range missiles. That was one of the most numerous rocket launches that the North has ever made, according to the panel. 

A military observation satellite has been successfully launched by the DPRK in orbit, following two failed attempts, experts said Sunday. As part of the North's military arsenal, an old diesel submarine has been modified so that it can be used as a tactical nuclear attack submarine. 

The monitoring panel overseeing U.N. sanctions against North Korea has observed persistent breaches by the DPRK. The country, in defiance of Security Council resolutions, is found to illicitly import refined petroleum products. 

To circumvent maritime sanctions, the DPRK employs a blend of obfuscation techniques. In the year 2023, the recorded trade volume exceeded that of 2022, encompassing a diverse range of consumer goods. Some of these items, deemed luxury goods and prohibited by U.N. sanctions, were included. 

The panel is actively probing reports from member states regarding the DPRK's potential involvement in the arms and ammunition trade, a clear violation of U.N. sanctions. Recent accusations from the United States, Ukraine, and six allies assert Russia's utilization of North Korean ballistic missiles and launchers in devastating aerial attacks against Ukraine, violating U.N. sanctions. South Korea's military, in November, suspected North Korea of exporting various armaments, including short-range ballistic missiles and anti-tank missiles to Russia, contravening U.N. sanctions. 

Throughout the last six months, discernible trends indicate the DPRK's focus on targeting defence companies and supply chains, as well as increased collaboration in infrastructure and tools. The panel has also delved into reports of numerous DPRK nationals working abroad in sectors such as information technology, restaurants, and construction, generating income in violation of U.N. sanctions. 

Additionally, the DPRK persists in accessing the international financial system for illicit financial operations. While U.N. sanctions are designed to spare ordinary North Koreans, the panel acknowledges unintentional repercussions on the humanitarian situation and aspects of aid operations. Nevertheless, the precise impact of sanctions relative to other factors remains challenging to discern.
Read more »
South Korea
Andariel Data Breach Hacker group Military Data North Korea North Korean Hackers Ransomware group South Korea

Seoul Police Reveals: North Korean Hackers Stole South Korean Anti-Aircraft Data


South Korea: Seoul police have charged Andariel, a North Korea-based hacker group for stealing critical defense secrets from South Korea’s defense companies. Allegedly, the laundering ransomware is redirected to North Korea. One of the 1.2 terabytes of data the hackers took was information on sophisticated anti-aircraft weaponry.  

According to the Seoul Metropolitan Police Agency, the hacker group utilized servers that they had rented from a domestic server rental company to hack into dozens of South Korean organizations, including defense companies. Also, the ransomware campaign acquired ransoms from a number of private sector victim firms. 

Earlier this year, the law enforcement agency and the FBI jointly conducted an investigation to determine the scope of Andariel's hacking operations. This was prompted by reports from certain South Korean corporations regarding security problems that were believed to be the result of "a decline in corporate trust." 

Andariel Hacker Group 

In an investigation regarding the origin of Andariel, it was found that it is a subgroup of the Lazarus Group. The group has stolen up to 1.2 terabytes of data from South Korean enterprises and demanded 470 million won ($357,000) in Bitcoin as ransom from three domestic and international organizations.  

According to a study conducted by Mandiant, it was revealed that Andariel is operated by the North Korean intelligence organization Reconnaissance General Bureau, which gathers intelligence for the regime's advantage by mainly targeting international enterprises, governmental organizations, defense companies, and financial services infrastructure. 

Apparently, the ransomware group is also involved in cybercrime activities to raise funds for conducting its operation, using specially designed tools like the Maui ransomware and DTrack malware to target global businesses. In February, South Korea imposed sanctions on Andariel and other hacking groups operating in North Korea for engaging in illicit cyber operations to fund the dictatorial regime's nuclear and missile development projects.  

The threat actor has used a number of domestic and foreign crypto exchanges, like Bithumb and Binance, to launder the acquired ransom. Till now, a sum of 630,000 yuan ($89,000) has been transferred to China's K Bank in Liaoning Province. The hackers proceeded to redirect the laundered money from the K Bank branch to a location close to the North Korea-China border. 

Seoul police noted that they have seized the domestic servers and virtual asset exchange used by Andariel to conduct their campaigns. Also, the owner of the account, that was used in transferring the ransom, has been detained. 

"The Security Investigation Support Department of the Seoul Metropolitan Police Agency is actively conducting joint investigations with related agencies such as the U.S. FBI regarding the overseas attacks, victims and people involved in this incident, while continuing to investigate additional cases of damage and the possibility of similar hacking attempts," the agency said.

The police have warned businesses of the threat actor and have advised them to boost their cybersecurity and update security software to the latest versions. It has also been advised to organizations to encrypt any critical data, in order to mitigate any future attack. 

Moreover, police are planning to investigate server rental companies to verify their subscribers’ identities and to ensure that the servers have not been used in any cybercrime activity.  

Read more »
Technology
ChatGPT Data protection Generative AI South Korea Technology

South Korea Aims to be the Global Leader in Regulating Generative AI

Generative AI

South Korea and Generative AI

The emergence of generative artificial intelligence (AI) technologies, such as ChatGPT, has caused regulators all around the world to establish rules and regulations governing their use. South Korea is rising to the occasion by trying to create normative frameworks for emerging AI technologies, to set a precedent for other countries in data protection and industry regulation. 

Ko Hak-soo, chairman of Korea's Personal Information Protection Commission (PIPC), talked about South Korea's goal to develop AI rules and data protection on a worldwide scale in an exclusive interview with The Korea Herald.

Korea's PIPC Chairman aspires to lead the world

Ko Hak-soo, who took over as PIPC head in October of the year prior, has been actively involved in discussions over data privacy and AI policies. Particularly, he has been selected for the United Nations' high-level advisory group on artificial intelligence, highlighting Korea's significance in worldwide AI governance.

Ko stressed South Korea's determination to be a global leader in establishing AI rules. While recognizing that the European Union and the United States have taken a leading role in regulating AI, he emphasized the importance of Korea forging its path, given its unique AI ecosystem, which offers one of the world's greatest AI scaleup conditions and is home to IT behemoths such as Naver and Kakao.

"We need to come up with more balanced normative systems while stepping up global cooperation in effectively responding to the technology," Ko went on to say.

Korea's one-of-a-kind AI ecosystem

Korea's AI landscape differs from other countries. With a strong AI scaleup environment and big tech businesses situated within its borders, Korea is well-positioned to make important contributions to the advancement of AI rules that balance industrial growth and personal data protection.

Ko stated that the nation's AI sector has been under discussion for over five years, illustrating Korea's proactive approach to addressing AI-related concerns. When it comes to coordinating national AI data strategy, the PIPC, as a central administrative agency, stands in an unparalleled position in Asia.

As generative AI technologies continue to revolutionize many sectors, South Korea has established itself as a leader in AI data regulation and protection. The actions of Ko Hak-soo and the PIPC highlight Korea's dedication to balancing business expansion with sensitive data protection, forging a path independent of that of the EU and the US. 

South Korea is on course to become an important player in determining the future of AI policy and data protection globally, with upcoming global events and active involvement in international forums.


Read more »
UK
Cyber Security Joint Advisory North Korea Hackers South Korea Threat Intelligence UK

UK and South Korea Issue Joint Advisory Over North Korea-Linked Cyber Assaults

 

The UK and South Korea have issued warnings that cyber attacks by North Korean state-linked groups are becoming more sophisticated and widespread.

The two countries' cyber security and intelligence agencies have issued a new joint advisory urging organisations to strengthen their security measures in order to minimise the risk of their systems being compromised. 

According to the UK's National Cyber Security Centre (NCSC), which is part of GCHQ, and the South Korean National Intelligence Service (NIS), hackers have been leveraging previously unknown vulnerabilities and exploits in third-party software in their supply chains to gain access to an organisation's systems. 

Both agencies expressed concern that such assaults on the software-based supply chain pose a particularly major threat because a single initial breach can affect a number of organisations and lead to subsequent attacks, resulting in greater disruption or the deployment of ransomware.

The joint advisory warns that organisations should take measures to safeguard themselves as these kinds of attacks, which are backed by North Korea, are likely to escalate. 

Paul Chichester, NCSC director of operations, stated: “In an increasingly digital and interconnected world, software supply chain attacks can have profound, far-reaching consequences for impacted organisations. 

"Today, with our partners in the Republic of Korea, we have issued a warning about the growing threat from DPRK (North Korea) state-linked cyber actors carrying out such attacks with increasing sophistication.

“We strongly encourage organisations to follow the mitigative actions in the advisory to improve their resilience to supply chain attacks and reduce the risk of compromise.” 

President Yoon Suk Yeol of South Korea is currently on a state visit to the UK. This joint advisory marks the first time the NCSC has issued a warning of this nature without collaboration from other Five Eyes agencies in Australia, Canada, New Zealand, and the US. 

This is not the first instance that hackers have targeted their enemies. In 2017, North Korea launched a cyberattack on global hospitals, businesses, and banks. And in 2014, its hackers reportedly targeted Sony Pictures in retaliation for a satirical film about their leader, Kim Jong Un.
Read more »
Vulnerabilities and Exploits.
APT attacks Data Privacy North Korean Hackers South Korea User Privacy Vulnerabilities and Exploits.

North Korean Hackers Carry Out Phishing Attack on South Korean Government Agency

 

North Korean hackers recently executed a phishing attack on a South Korean government agency using social engineering tactics, as reported on March 28th, 2023. The perpetrators belonged to a group known as APT Kimsuky, linked to North Korea's intelligence agency. This event highlights the threat that North Korean hackers pose to global cybersecurity.

According to The Record, the phishing email was designed to look like it came from a trusted source, and the link directed the recipient to a website controlled by hackers. Once the victim entered their login credentials, the hackers could potentially gain access to sensitive information. As a cybersecurity expert noted, "Social engineering techniques continue to be effective tools for hackers to exploit human vulnerabilities and gain access to secure systems."

The Washington Post reported that North Korea's cyber operations are becoming increasingly sophisticated and brazen. A senior cybersecurity official in South Korea stated, "North Korea's cyber capabilities are growing more sophisticated, and they are becoming more brazen in their attacks." The official added that North Korea's ultimate goal is to gain access to sensitive information, including military and political secrets, and to use it to advance their own interests.

North Korean hackers are known for employing a 'long-con' strategy, as reported by IBTimes. They patiently gather intelligence and lay the groundwork for future attacks, sometimes waiting months or even years. The publication cited a cybersecurity expert who stated, "North Korean hackers are very patient. They are willing to wait months, or even years, to achieve their objectives."

The threat of North Korean cyber attacks extends beyond government agencies to financial institutions as well. The IBTimes article reported that North Korean hackers are increasingly targeting cryptocurrency exchanges and other financial institutions to steal funds. As a result, businesses must implement robust cybersecurity measures to protect their assets and customer data.

The recent phishing attack by North Korean hackers highlights the persistent threat they pose to global cybersecurity. Governments and businesses alike need to take proactive measures to protect themselves from such attacks. As cybersecurity expert John Doe puts it, "The threat from North Korean hackers is real and will only continue to grow. It is essential to implement robust security measures and educate employees about the risks to mitigate the impact of such attacks." With the increasing sophistication of cyber attacks, organizations must stay informed and vigilant to safeguard their data and systems.


Read more »
User Privacy
Air-Gapped Computers Encryption keylogger Linux malware Phishing Attacks South Korea User Privacy

Korean University Disclosed a Potential Covert Channel Attack

The School of Cyber Security at the Korean University in Seoul has developed a novel covert channel attack called CASPER that may leak data from air-gapped computers to a nearby smartphone at a pace of 20 bits per second. 

What is CASPER?

Casper is a 'recognition tool,' built to characterize its targets and decide whether or not to keep tracking them. Prior to introducing more advanced persistent malware into the targeted systems for espionage, the Casper surveillance virus was employed as a starting point.

Data leak

The target needs to first be infected with malware by a rogue employee or a cunning attacker with physical access, which is the case with nearly all personal channel attacks that target network-isolated systems.

Attacks utilizing external speakers have been created in the past by researchers. External speakers are unlikely to be employed in air-gapped, network-isolated systems used in harsh settings like government networks, energy infrastructure, and weapon control systems.

The malicious software has the ability to search the target's filesystem on its own, find files or data formats that match a hardcoded list, and make an exfiltration attempt.

Keylogging is a more realistic option and is better suited for such a slow data transmission rate. The malware will use binary or Morse code to encrypt the information to be stolen from the target and then transmit it through the internal speaker utilizing frequency modulation to create an undetectable ultrasound between 17 kHz and 20 kHz.

The researchers tested the proposed model using a Samsung Galaxy Z Flip 3 as the receiver and an Ubuntu 20.04-based Linux computer as the target. Both were running a simple recorder application with a sampling frequency of up to 20 kHz.

In the Morse code study, the researchers employed 18 kHz for dots and 19 kHz for dashes, with a length per bit of 100 ms. The smartphone, which was 50 cm away, was able to interpret the word 'covert' that was sent. In the binary data study, each bit had a length of 50 ms and was transferred at a frequency of 18 kHz for zeros and 19 kHz for ones. Nonetheless, the overall experiment findings demonstrate that the length per bit impacts the bit error rate, and a max reliable transmitting bit rate of 20 bits/s is possible when the length per bit is 50 ms.

A standard 8-character password could be transmitted by the malware in around 3 seconds at this data transfer rate, while a 2048-bit RSA key could be transmitted in roughly 100 seconds. Even under ideal conditions and with no interruptions, anything larger than that, such as a little 10 KB file, would take longer than an hour to escape the air-gapped system.

"Because sound can only transmit data at a certain speed, our technology cannot transmit data as quickly as other covert channel technologies using optical or electromagnetic methods." – Korea University.

The attack is limited since internal speakers can only emit sound in a single frequency band. Changing the frequency band for several simultaneous transmissions would be a solution to the slow data rate. The simplest method of defense against the CASPER assault was to turn off the internal speakers in mission-critical computers, which was disclosed by the researchers. The defense team could also use a high-pass filter to keep all created frequencies inside the range of audible sound, preventing ultrasonic transmissions. 





Read more »
South Korea
cyberattack information Data Breach Data Theft Samsung South Korea

Samsung Announces Second Customer Data Breach

The industry leader in technology, electronics, and smartphone producer, Samsung reported a data breach in its system. Earlier, the company was hit by a cyberattack in late July 2022. In August, the company discovered that a group of threat actors accessed its systems and breached customer personal data. 

The hackers had access to Samsung customers’ personal details including contacts, product registration data, dates of birth, and demographic information. However, the company said that the Social Security or credit card numbers were safe from the security breach. 

“In late July 2022, an unauthorized third party acquired information from some of Samsung’s U.S. systems. On or around August 4, 2022, we determined through our ongoing investigation that the personal information of certain customers was affected. We have taken actions to secure the affected systems, and have engaged a leading outside cybersecurity firm and are coordinating with law enforcement...” 

“…We want to assure our customers that the issue did not impact Social Security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth, and product registration information,” reads a notice published by the company. 

The company further added that the information exposed for each relevant customer may vary, however, the company has started notifying impacted customers, and also advised them to remain cautious of any unrecognized and illegal communications that ask for their personal credentials or refer them to a web page asking for personal information. Customers must also review their accounts for suspicious and unsolicited activity. Besides, they should avoid clicking on links or downloading attachments from unrecognized and suspicious emails

The company has become one of the most recognizable names in technology and produces industry electronics, including appliances, digital media devices, memory chips, semiconductors, and integrated systems. The company produces a fifth of South Korea's total exports. 

Furthermore, Samsung claims to have detected the vulnerability in the system caused by the attack and to have taken measures to secure the impacted systems. Also, the company hired a leading cybersecurity firm to investigate the matter and report it to law enforcement.
Read more »
South Korea
CCDCOE Cyber defense Cyber Security NATO South Korea

South Korea Joins NATO's Cyber Research Centre, Becomes First Asian Member

South Korean intelligence agency on Thursday said that South Korea has joined a cyber defense group under NATO (North Atlantic Treaty Organization), becoming its first Asian member community. ZDNet reports "South Korea had suffered numerous cyberattacks in the past with targets ranging from state-run nuclear research institutes to cryptocurrency companies, most of which were allegedly committed by North Korean hacking groups." 

According to National Intelligence Service (NIS), South Korea, along with Luxembourg and Canada, have been added to the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE), a think tank from Tallinn, Estonia. It supports member countries and NATO with cyber defense research, exercises, and training. CCDCOE was founded in 2008 by NATO countries, on behalf of Estonia's initiative, as a response to the country suffering intense cyberattacks done by Russia. 

With the inclusion of the three latest members, CCDCOE now has 32 members among which, 27 are sponsored members of NATO and 5 contributing members, which includes South Korea, which is not a part of NATO. NIS said that South Korea has been active since 2019 to become a member of CCDCOE to learn cyber defense expertise to safeguard the country's infrastructure backbone, and to plan out a global strategy. NIS is planning to send more staff to the center and increase the scope of joint training. Cyberattacks were making a massive impact on users and countries that need global cooperation to respond. 

South Korea will work alongside CCDCOE members to formulate a robust cyber defense system. "Even prior to becoming an official member of the center, South Korea had taken part in CCDCOE's large-scale, live-fire cyber defense exercise, Locked Shields, where thousands of experts from member nations and partners jointly defended a fictional country against simulated cyberattacks," says ZDNet.

Read more »
User Data
Bot Compromised Data Cryptbot Illegal Software Illegal spying malware PseudoManuscrypt attacks South Korea Spyware User Data

PseudoManuscrypt Malware Proliferating Similarly as CryptBot Targets Koreans

 

Since at least May 2021, a botnet known as PseudoManuscrypt has been targeting Windows workstations in South Korea, using the same delivery methods as another malware known as CryptBot. 

South Korean cybersecurity company AhnLab Security Emergency Response Center (ASEC) said in a report published, "PseudoManuscrypt is disguised as an installer that is similar to a form of CryptBot and is being distributed. Not only is its file form similar to CryptBot but it is also distributed via malicious sites exposed on the top search page when users search commercial software-related illegal programs such as Crack and Keygen."
  
According to ASEC, approximately 30 computers in the country are compromised on a daily basis on average. PseudoManuscrypt was originally discovered in December 2021, when Russian cybersecurity firm Kaspersky revealed details of a "mass-scale spyware attack campaign" that infected over 35,000 PCs in 195 countries around the world. 

PseudoManuscrypt attacks, which were first discovered in June 2021, targeted a large number of industrial and government institutions, including military-industrial complex firms and research in Russia, India, and Brazil, among others. The primary payload module has a wide range of spying capabilities, enabling the attackers virtually complete access over the compromised device. Stealing VPN connection data, recording audio with the microphone, and capturing clipboard contents and operating system event log data are all part of it. 

Additionally, PseudoManuscrypt can access a remote command-and-control server controlled by the attacker to perform malicious tasks like downloading files, executing arbitrary instructions, log keypresses, and capturing screenshots and videos of the screen. 

The researchers added, "As this malware is disguised as an illegal software installer and is distributed to random individuals via malicious sites, users must be careful not to download relevant programs. As malicious files can also be registered to service and perform continuous malicious behaviours without the user knowing, periodic PC maintenance is necessary."
Read more »
SSD
Cyber Security firmware Security Researchers South Korea SSD

Firmware Attacks can Leave Persistent Malware in the SSD's Hidden Section

 

Korean researchers have created a set of assaults against some solid-state drives (SSDs) that could allow malware to be planted at a position beyond the user's and security solutions' reach. The attack models are designed for drives with flex capacity characteristics and target a hidden section on the device known as over-provisioning, which is extensively used by SSD manufacturers these days for performance improvement on NAND flash-based storage systems. 

The over-provisioning region is invisible to the operating system and any applications that run on it, including security and anti-virus software. The SSD manager dynamically adjusts this space against the workloads when the user runs different applications, depending on how write or read-intensive they are. 

Flex capacity is a feature of Micron Technology SSDs that allows storage devices to automatically modify the sizes of raw and user-allocated space to improve performance by absorbing write workload volumes. It is a dynamic system that builds and changes a buffer of space which typically consumes between 7% and 25% of total disk capacity. 

Hardware-level assaults provide the highest level of persistence and stealth. In the past, sophisticated actors worked hard to execute such concepts against HDDs, concealing dangerous code in unreachable disk sectors. One assault modeled by researchers at Korea University in Seoul targets an invalid data area containing non-erased information that resides between the usable SSD space and the over-provisioning (OP) area, the amount of which depends on the two. According to the research article, a hacker can adjust the size of the OP region using the firmware manager, resulting in exploitable invalid data space. 

In a second attack model, the OP region is used as a covert location where a threat actor can hide malware that users cannot monitor or remove. According to the research article, "It is assumed that two storage devices SSD1 and SSD2 are connected to a channel in order to simplify the description. Each storage device has 50% OP area. After the hacker stores the malware code in SSD2, they immediately reduce the OP area of SSD1 to 25% and expand the OP area of SSD2 to 75%." 

"At this time, the malware code is included in the hidden area of SSD2. A hacker who gains access to the SSD can activate the embedded malware code at any time by resizing the OP area. Since normal users maintain 100% user area on the channel, it will not be easy to detect such malicious behaviour of hackers," the article added.

To counteract the first type of assault, the researchers advise that SSD manufacturers wash the OP area with a pseudo-erase algorithm that has no effect on real-time performance. Implementing valid-invalid data rate monitoring systems that monitor the ratio inside SSDs in real-time is a potentially effective security measure against injecting malware in the OP area for the second type of attack.
Read more »
User Security
Cyber Attacks DDOS Attack South Korea Telecom Firm User Security

South Korean Telecom Operator Crippled by DDoS Attack

 

South Korean telecommunications operator KT suffered a nationwide network outage earlier this week, affecting its telephone and wireless services including phone calls, internet, and other services.

The suspected distributed denial-of-service (DDoS) attack crippled the network for almost an hour. Customers using the telco's network were unable to access the internet for around 40 minutes at around 11am on Monday. Since then, general access to the Internet has been restored for KT users in most parts of the country. 

To investigate the matter, a team of security experts from the Seoul cyber department was dispatched to KT's headquarters in Seongnam, Gyeonggi Province, just south of Seoul. Later in the day, KT restated that the outage appeared to have been caused by large-scale DDoS attacks. The firm said it is still looking for the culprits behind the DDoS and will continue to analyze the extent of the damage. 

“The telco's network was shut down due to a large-scale DDoS attack. During the outage, the company's crisis management team was working to quickly restore the network back to normal. KT is yet to figure out the extent of the damage or who was behind the DDoS attack,” KT spokesperson stated. 

The Ministry of Science and ICT said they are keeping a close eye on the matter in collaboration with KT. However, the ministry did not confirm that the network failure was caused by a DDoS attack, but it said the other major telcos SK Telecom and LG Uplus were not affected.

Despite not being victims of the DDoS attack, users of the services of SK Telecom and LG Uplus raised complaints on social media regarding telcos network outages. Spokespersons for these telcos said the network outages were due to a sudden surge in traffic from KT users switching their services due to KT’s internet outage. Both SK Telecom and LG Uplus representatives said they would be monitoring the situation closely. 

According to the Science and ICT Ministry data, around 16.3 million people are dependent on KT for internet service as of March 2021. The last time KT suffered a network outage was in 2018 when a fire broke at its Ahyeon branch in central Seoul. The fire caused internet and phone service disruptions in nearby areas, including the Seoul districts of Jung-gu, Yongsan-gu, and Seodaemun-gu.
Read more »
ZIP File
malware South Korea Webhards And Torrents ZIP File

Threat Actors are Using Webhards And Torrents to Spread RAT Malware in Korea

 

The ASEC researchers have discovered a new malicious campaign targeting South Korean users. Threat actors are spreading easily obtainable malware such as njRAT and UDP RAT via Webhards and torrents to disguise as normal programs such as games or adult content for distribution. 

According to ASEC analysts, WebHards is a popular online storage service in Korea, preferred mainly for the convenience of direct downloads. However, threat actors are using Webhards to distribute a UDP RAT that is disguised as a ZIP file containing an adult game. Users who end up at webhards are directed by attackers through Discord or social media platforms. 

The downloaded compressed zip file has various files but then the user would need to open the “Game..exe” file to play the game. Upon execution, the “Game..exe” file becomes hidden, therefore, the user then uses Game.exe, which is the copied game program launcher. 

Apart from that, the stick.dat file that runs via launcher malware is the ALZIP SFX program, and it creates two malware “Uninstall.exe” and “op.gg.setup.apk” in the C:\Program Files\4.0389 folder. After stick.dat creates the files, it executes Uninstall.exe. Uninstall.exe is another launcher malware that runs op.gg.setup.apk. Op.gg.setup.apk is a downloader malware that downloads the Op.gg.exe file from the following address in the same directory and runs it.

njRAT is a type of malware that can steal private information from victims, such as account credentials and keystrokes. The malware is also capable of capturing screenshots from a compromised device and can modify the Windows registry for persistence. This variant adds a Registry key to ensure a continuous connection to the C2 server. It allows the attackers to drop more payloads. 

Threat actors have been employing various tricks to convince users to download the njRATs with torrents and file hosting services being a preferred method. Earlier this year in June, ASEC warned about this issue, when threat actors propagated a repackaged version of a well-known game as Lost Ruins. The package could run both the game and the virus simultaneously, making it hard to detect the infection. 

The researchers have advised users to remain vigilant while approaching executables downloaded from a file-sharing website and also to download products from the official websites of developers.
Read more »
Taiwan
Data Breach McDonald South Korea Taiwan

South Korea And Taiwan: McDonald Hit by a Data Breach

 

After unauthenticated activity on their system, the personal data of some consumers in South Korea and Taiwan were disclosed as McDonald's became the latest data breach affected firm. 

The attackers have obtained e-mails, telephone numbers, and delivery details, but consumer payment information was not included in the breach, the company claimed. On Friday, McDonald's also said that the event was swiftly recognized and managed as a comprehensive study was undertaken. 

The investigation discovered that the information from companies was breached in countries namely the U.S., South Korea, and Taiwan. 

McDonald's said the failure revealed certain corporate contact information for the US staff and franchisees and some information about locations such as seating capacity and the square footage of play areas in a message to U.S. employees. No customer information has been infringed in the US and the information regarding the employees in the United States that was exposed was not sensitive. The corporation urged employees and franchisees to keep an eye on phishing e-mails and request information from them. 

McDonald's said attackers obtained emails of consumers in South Korea and Taiwan along with their shipping numbers and addresses. McDonald's reported that hackers also took staff information of customers from Taiwan, particularly their names and contact information.

The F&B chain has indicated that its South Korea and Taiwan businesses have notified Asian regulators of the infringement and would also contact clients and staff. The officials said that its departments would also communicate probable unlawful access to the data to some South African and Russian staff. These countries were also flagged by the investigation. 

McDonald's asserted that the businesses at its restaurants were not impacted by the infringement and that there was no ransomware attack in which hackers asked for ransom to return data and transactions control to enterprises. McDonald's has declared that no ransom has been requested nor have they paid the hackers. 

McDonald's noted that its cybersecurity defense investment has expanded in recent years and that these mechanisms have helped them respond to the recent incident. Shortly after the breach was detected, the corporation announced it would shut hackers' access to data off. 

“McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures,” the company said.
Read more »
South Korea
Cyber Attacks Online Traffic Remote Work South Korea

South Korea Under Major Cyber Attacks in Pandemic Era

 

As per Ciso, ransomware attacks have proliferated in South Korea over the last year, impacting hospitals and shopping malls as the coronavirus pandemic has increased Internet usage. 

A major plastic surgery clinic in southern Seoul disclosed on Thursday that its servers had been the target of a ransomware attack on its website. Personal data about their patients seem to have been obtained by the hackers. This is the most recent in a string of ransomware assaults recorded in the city.

According to the Ministry of Science and ICT, the number of ransomware assaults reported in the country increased by more than thrice to 127 last year, up from 39 in 2019. According to the Yonhap news agency, there have been around 65 cases so far this year. A wide spectrum of businesses has been attacked by ransomware attacks. 

Last month, Super Hero's operations were interrupted for hours due to a ransomware attack that affected 15,000 delivery employees around the world. Hackers broke into the local fashion and retail behemoth E-Land Group last November, forcing the shutdown of 23 of its 50 NC Department Store and NewCore outlet sites. 

Cyber-attacks have increased in both number and profile as the epidemic has led to more Internet usage. According to Kim Seung-joo, a cybersecurity specialist at Korea University, ransomware assaults might pose more problems than just destroying a company's complete work system because enterprises are relying more on remote work during the epidemic. 

As an outcome, a growing number of companies are paying the ransom. This technique supports the spread of ransomware. It's a vicious circle, Kim said, urging more investment in cybersecurity to avoid the crisis in the first place. 

Regrettably, the attacks appear to be part of a bigger global pattern. The hack of Colonial Pipeline, a major oil pipeline operator in the United States, was a notable recent incident. The corporation was compelled to pay a $4.4 million ransom. 

As ransomware assaults continue in South Korea, the ICT ministry established a 24-hour monitoring team last month to help businesses harmed by the attacks. Companies that have been targeted by the attacks are currently receiving assistance from the government, including the restoration of their systems.
Read more »
South Korea
Facebook Privacy South Korea

South Korea Fines Facebook For Sharing Data Without User Consent


South Korea fines social networking giant Facebook for 6.7 billion Won (around $6 million) for sharing user data without their consent. According to PIPC (Personal Information Protection Commission), Facebook has a total userbase of around 18 million users in South Korea. It says FB shared user data of 3.3 million users to third-party companies without user consent. The incident happened from May 2012 to June 2018. Also, PIPC says that it will charge a criminal complaint against the company for violating "personal information laws." 

The shared information includes user names, academic background, work profile, relationship status, and home addresses. The users logged into other third-party apps using their FB credentials but without giving any permission to access personal information. Nonetheless, FB shared its data with the third-party apps the users were using. 

The issue came to notice when a FB user shared their data with a service while logging in with the FB account, but the user's friends didn't, however, unaware that their FB data was also shared. Following the incident, these third-party apps used Facebook's provided information to show customized ads on social media users' profiles. 

According to PIPC, with no user permission, Facebook provided user data to third-party companies and made monetary profits. PIPC also charges FB to store login credentials (with no encryption) without user knowledge and not notify the users while accessing their data. Besides this, it claims that Facebook presented fake and incomplete documents while the legal investigation was ongoing, instead of providing the real documents. 

It affected the inquiry's credibility and caused difficulties in assessing FB's clear violations of rules and laws. For this misdoing, FB was charged for an extra 66 million won. 

The company Facebook, however, claims that it provided full cooperation during PIPC's investigation. FB find PIPC's complaint regrettable; however, it will respond after the commission takes its final decision. 

"The investigation against the US tech giant started in 2018 by the Korea Communication Commission, the country's telecommunication regulator, in the wake of the Cambridge Analytica scandal. The regulator handed the case to PIPC," reports ZDNet.
Read more »
U.S
GRU Ransomware Russia South Korea U.S

United States Charged Six Russian Intelligence Officers with Involvement in An Unrestricted Huge Hacking Campaign

 


With involvement in an 'unrestricted huge hacking campaign', which incorporates the famous Petya ransomware attacks which have focused mainly on Ukraine in 2015, as of late, the Justice Department has charged six Russian intelligence officers. 

Residents and nationals of the Russian Federation (Russia)the six officials were also in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces.

 

The government claimed that the group that had attacked Ukraine has likewise hacked different computers promoting the 2018 Winter Olympics in South Korea. It likewise hacked and leaked emails of people related to Emmanuel Macron's 2017 campaign for president of France. 

Besides this, they additionally focused on the companies exploring the poisoning of former Russian operative Sergei Skripal two years ago in Britain. 

All the six hackers are GRU officers; the government said that for over two years, they had battled tirelessly to recognize these Russian GRU Officials who interweaved in a global campaign of hacking, disruption, and destabilization, representing the most dangerous and destructive cyber-attacks ever.

The GRU burrowed into three electrical administration systems and cluttered circuit breakers remotely, it was one of the first cyber-attacks and had a cyber firm that consistently focused on critical infrastructure.

The authorities had at first scrutinized and reprimanded North Korea for the strike yet later found that the GRU utilized North Korean hacking tools to throw off the experts. 

That is the motivation behind why the special agent of FBI Michael Christman insisted that the warrant is the result of over two years of strong investigation by the FBI, a position that was kept up by an agent who worked the case.

Here are the names and the acts done by the hackers referenced below: -

 

The FBI has regularly indicated that Russia is very equipped for a cybersecurity adversary, and the information uncovered in this statement shows how omnipresent and harming Russia's cyber activities are. 

While Russia is probably not going to capture the detainees, it is unlikely that they will attain any trial too.
Read more »
Technology
COVID-19 Samsung South Korea Technology

The Worldwide Pandemic Prompts Technology Giant Samsung to Embrace Electronic Voting


There is no denying the fact that the rise of COVID-19 has taken the world by storm yet it’s very astounding that the technology sector also has been affected to a critical degree. Technology giant Samsung Electronics has thus embraced electronic voting in favor of the first run through ever during this year's annual general meeting (AGM) on March 18, asking shareholders to utilize it to help check the spread of the worldwide pandemic coronavirus. 

Samsung's investor relations website on Monday encouraged shareholders to take the opportunity to cast a ballot via the internet up to March 17. This is on the grounds that the company directed a 1-to-50 stock split in 2018, prompting a huge increment in the shareholders numbers. 

Samsung's AGM is said to be held at a convention hall in Suwon, around 30 km (18 miles) south of Seoul, with a capacity of around 3,000 people as per reports by the centre's website Samsung explicitly called for electronic voting by shareholders with manifestations, or who have visited locales with high-risk districts, or who are identified as high-risk, for instance, pregnant women and those aged 65 or above. Reflecting guidance from the "Korea Centers for Disease Control and Prevention Guidance". 

The shareholders' gathering is said to be furnished with thermal cameras and contactless thermometers, and those with fever or cough symptoms might be restricted from entering. 
Those with a fever at the scene will be coordinated to an area away from the main hall, the website informs. 

In what is the second-biggest outbreak in Asia after China, South Korea announced 74 new COVID-19 infections on Monday, bringing the nation's aggregate to 8,236 and hence such precautions are a must.
Read more »
UK
child abuse Cyber Crime Dark Web South Korea UK

More than 300 hundred arrested in "dark web child abuse" sting!


Hundreds, around 338 people have been arrested in the worldwide sting of "largest dark web child porn marketplaces", investigators said.

The now seized English website, "Welcome to Video" hosted 2,00,000 videos showing illegal acts committed to children, which were downloaded more than a million times. The site had eight terabytes of data containing gruesome acts being done to infants, toddlers and children.

The site's owner Jong Woo Son, 23, from Korea is currently in prison, serving a sentence of 18 months. Unites States officials have unsealed nine allegations against him.

"You may try to hide behind technology but, we will find you and arrest you and prosecute you." Jessie Liu, the US attorney for the District of Columbia said in a press conference.

The site was shut down a year ago in March by US authorities, but on Wednesday officials said 338 users have been arrested from 38 countries including UK, Ireland, US, South Korea, Germany, Spain, Saudi Arabia, the United Arab Emirates, the Czech Republic and Canada.
The site also used a Bitcoin based marketplace with at least 7,300 transaction worth about 730,000 dollars. UK's National Crime Agency said "The site was one of the first to offer sickening videos for sale using the cryptocurrency bitcoin. "

The arrest was  result of a three years of hunt by National Crime Agency of Britain, and task forces from UK, US, South Korea and Germany. The officials first came across the website while investigating one of UK's worst child sex offender and paedophile, geophysicist Dr Matthew Falder in 2017. Fadler, admitted to 137 offenses and is serving a 25 years sentence for sharing images and abusive videos on the dark web. Then in March, 2018 officials went to South Korea to take down the website's server and to arrest Jong Woo Son, the owner of the site.

The officials were able to arrest many suspects by tracing the cryptocurrency transactions. Seven men from the UK and five from America have already been convicted of the investigation. One of them being, Kyle Fox another child offender already in jail for raping a five-year-old boy and sexually abused a three-year-old girl.
“The scale of this crime is eye-popping and sickening,” said John Fort, the chief of IRS criminal investigations. The task force was able to rescue 23 children from a state of constant abuse.
Read more »
South Korea
4G Network LTE Network Security researcher Security Vulnerabilities Smartphone Hacks South Korea

LTE vulnerabilities could allow eavesdroping


There are new vulnerabilities discovered with the 4G network used by smartphones. South Korean researchers discovered 36 new flaws using a technique called 'fuzzing'.

It turns out that our mobile networks may not be the safest. As LTE gets ready to make way for 5G, researchers have discovered several flaws in the Long-Term Evolution (LTE) standard, which could allow an attacker to intercept data traffic or spoof SMS messages.

The 4G LTE standard has vulnerabilities that could allow a hacker to intercept data that is being transferred on the networks. Although there has been plenty of research about LTE security vulnerabilities published in the past,  what's different about this particular study is the scale of the flaws identified and the way in which the researchers found them.

Researchers at the Korea Advanced Institute of Science and Technology Constitution (KAIST) have discovered 51 vulnerabilities with the 4G LTE standard—this includes 15 known issues and 36 new and previously undiscovered flaws with the standard.

LTE, although commonly marketed as 4G LTE, isn’t technically 4G. LTE is widely used around the world and often marketed as 4G. LTE can be more accurately described as 3.95G.

Given the widespread use of LTE, the latest findings have massive implications and clearly show wireless networks that consumers often take for granted aren't foolproof.

In their research paper [PDF], the researchers claim to have found vulnerabilities enabling attackers to eavesdrop and access user data traffic, distribute spoofed text messages, interrupt communications between base station and phones, block calls, disconnect users from the network and also access as well as manipulate data that is being transferred. The researchers are planning to present these at the IEEE Symposium on Security and Privacy in May.

“LTEFuzz successfully identified 15 previously disclosed vulnerabilities and 36 new vulnerabilities in design and implementation among the differ- ent carriers and device vendors. The findings were categorized into five vulnerability types. We also demonstrated several attacks that can be used for denying various LTE services, sending phishing messages, and eavesdropping/manipulating data traffic. We performed root cause analysis of the identified problems by reviewing the related standard and interviewing collaborators of the carriers,” said the researchers in the report.
Read more »
Spy
Online fraud South Korea Spy

1,600 Motel Guests Were Secretly Streamed Live






South Korea has arrested four men accused of online streaming of the “intimate private activities” of 1600 hotel rooms.

The men allegedly installed mini cameras in TVs, hair-dryer holders, and sockets, to record all the private activities which were sold on online platforms for up to $6,200.

If the allegations proved right, then they could face jail up to 10 years and a  30m won ($26,571; £20,175) fine.

The men created a website in November, where they allowed users to pay for full videos or watch 30-second clips for free. They reportedly posted 803 videos and earned money from 97 paying members before the website was taken down.

"The police agency strictly deals with criminals who post and share illegal videos as they severely harm human dignity," a spokesman for the Seoul Metropolitan Police Agency told the local newspaper the Korea Herald.

The recent incident has sparked a nationwide protest against the filming of sex and nudity as the number of such incidences have increased many folds.

"There was a similar case in the past where illegal cameras were (secretly installed) and were consistently and secretly watched, but this is the first time the police caught where videos were broadcast live on the internet," police said.

Read more »
Subscribe to: Posts (Atom)