US-CERT on South Korean Malware Attack

Reporting and technical details surrounding the malware used in the March 20, 2013, attack on South Korean assets have been varied and inconsistent. US-CERT released a paper outlining the attack’s common attributes, giving guidance to U.S. Critical Infrastructure and Key Resource owners and operators, and listing defensive measures against the DarkSeoul malware.

The common attributes of the attack campaign are the following:

  • The malicious file wipes the master boot record (MBR) and other files.
  • The malware was hard coded with a specific execution date and time and searches machines for credentials with administrative/root access to servers.
  • The malware is written to specifically target South Korean victims.
  • The attack is effective on multiple operating systems.
  • The design is low sophistication – high damage.

Defensive Measures

US-CERT reminds users and administrators of the importance of best practices to strengthen the security posture of their organization’s systems. The measures include regular and periodic backups, testing those backups, having emergency communication plans, patching, monitoring logs, and so on.
The simple golden rule is to follow best practices and create user awareness.
