#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

South Korea | Breaking Cybersecurity News | The Hacker News

Category — South Korea
Watch Out for Malware If You're Interested in North Korean Missile Program

Watch Out for Malware If You're Interested in North Korean Missile Program

Jul 06, 2017
If you hold an interest in the North Korean Missile Program and are one of those curious to know capabilities of the recently tested North Korean long-range missile than you could be a target of a new malware campaign. North Korea claims to have conducted the first test of an intercontinental ballistic missile (ICBM), the Hwasong-14 , on 3rd July, and US officials believe the country may have fired a brand-new missile that has not been seen before. Now, just a day after the test missile launch, hackers have started utilizing the news to target people interested in North Korean missile arsenal that has progressed over the decades from crude artillery rockets to testing what the country claims long-range missiles that could strike targets in the United States. Security researchers at Talos Intelligence have discovered a new malware campaign that started on 4th July to target victims with KONNI, an unknown Remote Access Trojan (RAT) that has been in use for over three years.
Web Hosting Company Pays $1 Million to Ransomware Hackers to Get Files Back

Web Hosting Company Pays $1 Million to Ransomware Hackers to Get Files Back

Jun 19, 2017
South Korean web hosting provider has agreed to pay $1 million in bitcoins to hackers after a Linux ransomware infected its 153 servers, encrypting 3,400 business websites and their data, hosted on them. According to a blog post published by NAYANA, the web hosting company, this unfortunate event happened on 10th June when ransomware malware hit its hosting servers and attacker demanded 550 bitcoins (over $1.6 million) to unlock the encrypted files. However, the company later negotiated with the cyber criminals and agreed to pay 397.6 bitcoins (around $1.01 million) in three installments to get their files decrypted. The hosting company has already paid two installments at the time of writing and would pay the last installment of ransom after recovering data from two-third of its infected servers. According to the security firm Trend Micro , the ransomware used in the attack was Erebus that was first spotted in September last year and was seen in February this year with Win
The New Effective Way to Prevent Account Takeovers

The New Effective Way to Prevent Account Takeovers

Sep 04, 2024SaaS Security / Browser Security
Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investments in traditional security measures, many organizations continue to struggle with preventing these attacks. A new report, " Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them " argues that the browser is the primary battleground where account takeover attacks unfold and, thus, where they should be neutralized. The report also provides effective guidance for mitigating the account takeover risk.  Below are some of the key points raised in the report: The Role of the Browser in Account Takeovers According to the report, the SaaS kill chain takes advantage of the fundamental components that are contained within the browser. For account takeover, these include: Executed Web Pages - Attackers can create phishing login pages or use MiTM over legitimate web pages to harve
US Warns of 'DeltaCharlie' – A North Korean DDoS Botnet Malware

US Warns of 'DeltaCharlie' – A North Korean DDoS Botnet Malware

Jun 14, 2017
The United States government has released a rare alert about an ongoing, eight-year-long North Korean state-sponsored hacking operation. The joint report from the FBI and U.S. Department of Homeland Security (DHS) provided details on " DeltaCharlie ," a malware variant used by " Hidden Cobra " hacking group to infect hundreds of thousands of computers globally as part of its DDoS botnet network. According to the report, the Hidden Cobra group of hackers are believed to be backed by the North Korean government and are known to launch cyber attacks against global institutions, including media organizations, aerospace and financial sectors, and critical infrastructure. While the US government has labeled the North Korean hacking group Hidden Cobra, it is often known as Lazarus Group and Guardians of Peace – the one allegedly linked to the devastating WannaCry ransomware menace that shut down hospitals and businesses worldwide. DeltaCharlie – DDoS Botnet M
cyber security

Secure Your Network: 40% Face Full Takeover Risk

websitePicus SecurityEndpoint Security / Attack Surface
Understand and address the critical risks in your network to prevent takeovers.
North Korean Hackers Steal thousands of Military files from S. Korea

North Korean Hackers Steal thousands of Military files from S. Korea

Jun 13, 2016
Hackers aligned with North Korea have always been accused of attacking and targeting South Korean organizations, financial institutions, banks and media outlets. Recent reports indicate that North Korean hackers have hacked into more than 140,000 computers of at least 160 South Korean government agencies and companies, and allegedly injected malware in the systems. The cyber attack was designed to lay for a long term period against its rival, authorities in Seoul said. The South Korean police were on high alert against cyberattacks by the North Korean hackers, especially after North Korea successfully tested a miniaturized hydrogen bomb in January and a long-range rocket launch in February, Reuters reports . According to the police, the hacking attack began in 2014 but was detected only in February this year, after North Korea managed to steal information from two companies: the SK and Hanjin Group. The documents stolen from the two companies included blueprints for the wi
Philippines Bank hit by SWIFT Hacking Group allegedly linked to North Korea

Philippines Bank hit by SWIFT Hacking Group allegedly linked to North Korea

May 27, 2016
SWIFT Bank Hackers have attacked another bank in the Philippines using the same modus operandi as that in the $81 Million Bangladesh Bank heist . Security researchers at Symantec have found evidence that malware used by the hacking group shares code similarities with the malware families used in targeted attacks against South Korean and US government, finance, and media organizations in 2009. These historic attacks were attributed to the North Korean hacking group known as Lazarus , who hacked Sony Pictures in 2014. Also Read:   How Hackers Stole $80 Million from Bangladesh Bank . " At first, it was unclear what the motivation behind these attacks were, however, code sharing between Trojan.Banswift (used in the Bangladesh attack used to manipulate SWIFT transactions) and early variants of Backdoor.Contopee provided a connection, " Symantec blog post says. In past few months, some unknown hackers have been targeting banks across the world by gaining access to SWIFT, the worldwi
Duuzer Trojan: A New Backdoor Targeting South Korean Organizations

Duuzer Trojan: A New Backdoor Targeting South Korean Organizations

Oct 27, 2015
Security researchers at Symantec have uncovered a new Backdoor Trojan that grants hackers remote access and some control over infected machines. " Duuzer ," as dubbed by the researchers, has been targeting organizations in South Korea and elsewhere in an attempt to steal valuable information. The Trojan is designed to infect both 32-bit and 64-bit computers running Windows 7, Windows Vista, and Windows XP. Duuzer gives attackers remote access to the compromised computer, allowing them to: Collect system and drive information Create, enumerate, and end processes Access, modify and delete files Upload and Download additional files Change the time attributes of files Execute malicious commands Steal data from infected system Know about victim's Operating System Duuzer Infects via Spear Phishing or Watering Hole Attacks It is currently unclear how the malware is being distributed, but according to Symantec Researchers, the most obvious routes ar
South Korean Nuclear Power Plant Hacked

South Korean Nuclear Power Plant Hacked

Dec 24, 2014
Koreans have once again gain media attention but this time not as an accused of any kind of hack attack, but as a victim of a severe attack on computers systems at a nuclear power plant in South Korea by an unknown hacker or a group. South Korea was hit by a cyber attack on its nuclear power plant, causing the operator to conduct drills in order to test the ability of the nuclear plant to cope with a full-scale cyber-attack. Although the plant's operator says no critical data has been leaked. The cyber attack came into light after a hacker posted blueprints of nuclear reactors online and threatened further "leaks" unless authorities close down the reactors. According to the South Korean Yonhap News Agency, the hacker was able to access blueprints of reactors, floor maps and other internal information on the plant. Last week with the help of a Twitter account named " president of anti-nuclear reactor group ," the hacker posted leaked data revea
70% of South Korean Population Victimized In Online Gaming Heist

70% of South Korean Population Victimized In Online Gaming Heist

Aug 27, 2014
More than half of South Korea's 50 million population aged between 15 and 65 have been affected in a massive data breach, compromising their personal information. The data breach came to light when 16 individual were arrested following the theft of about 220 million stolen records from a number of online game, ringtone storefronts and movie ticket sites that contains personally identifiable information related to 27 million victims. The stolen records included actual name, account name, password and resident registration number of the victims, According to the English version of a Seoul-based daily newspaper, the Korea Joongang Daily . Among 16 perpetrators, the South Jeolla Provincial Police Agency arrested a 24-year-old man named 'Kim' , for allegedly obtaining and selling all 220 million personal information including names, registration numbers, account names, and passwords , from a Chinese hacker he met through an online game in 2011. Police estimated the
25 Million 'NAVER' Accounts Breached using Stolen Data

25 Million 'NAVER' Accounts Breached using Stolen Data

Mar 27, 2014
A 31-year-old South Korean has been recently accused by the police for the allegation of infiltrating and hacking the accounts of 25 million users of   Naver , one of the popular search portal in South Korea. On Wednesday, the Asian National Police Agency revealed that the suspect purchased the private information of 25 million users, including names, residential numbers, Internet IDs and passwords from a Korean-Chinese, back in August last year, Korea Herald reported. The suspect surnamed  ' Seo ', supposedly used the purchased information to hack into the accounts of Naver users and sent out spam messages and other ' illicit emails ' to the account holders. He had made an illegal profit of some 160 million won ( $148,000 ) using this, according to the report. Also a hacker surnamed  ' Hong ', has been arrested by the police who was suspected to develop the hacking program that automatically enter users' IDs and passwords, which was apparently used by
20 Million Credit Cards stolen in South Korea; 40% Population affected by the Data Leak

20 Million Credit Cards stolen in South Korea; 40% Population affected by the Data Leak

Jan 20, 2014
Since all threats to data security and privacy often come from outside, but internal threats are comparatively more dangerous and a difficult new dimension to the data loss prevention challenge i.e. Data Breach . The " Insider threats " have the potential to cause greater financial losses than attacks that originate outside the company. This is what happened recently with three credit card firms in South Korea , where the financial and personal data belonging to users of at least 20 million, in a country of 50 million, was stolen by an employee, who worked as a temporary consultant at Korean Credit Bureau (KCB). " Confidential data of customers ranging from the minister-level officials to celebrities, including their phone numbers, addresses, credit card numbers, and even some banking records, have been leaked from Kookmin Bank, Shinhan Bank and several other commercial banks ", The stolen data includes the bank account numbers, customers' names, social security number
Rogue software update cause Malware attack on Japanese Nuclear Power Plant

Rogue software update cause Malware attack on Japanese Nuclear Power Plant

Jan 10, 2014
The most critical and worst target of a State-sponsored cyber-attack s could be Hospitals, Dams, Dykes and Nuclear power stations and this may cause military conflicts between countries. According to Japan Today , The Monju nuclear power plant in Tsuruga, Japan was accidentally targeted by a malware on 2nd January, when a worker updated the system to the latest version of the video playback program. Monju Nuclear Plant  is a sodium-cooled fast reactor, was launched in April 1994. It has not been operational for most of the past 20 years, after an accident in which a sodium leak caused a major fire. Employees over there are only left with a regular job of company's paperwork and maintenance. So the malware could have stolen only some sensitive documents, emails, training records and employees' data sheets. The Malware command-and-control server suspected to be from South Korea. The malware itself is not much sophisticated like Stuxnet  or Duqu, but the unmanaged software u
South Korea hit by Android Trojan, Malware in Gaming apps and DDoS attack

South Korea hit by Android Trojan, Malware in Gaming apps and DDoS attack

Oct 25, 2013
Last Tuesday, The National Police Agency of South Korea warned the people that many Malware infected video games being offered in the South Korean markets with the purpose of launching Cyber attacks on the Country. That Malware is collecting location data and IP addresses of infected users and according to experts, malware is sending data back to its master servers based in North Korea . Just today the Korea's largest anti-virus software firm AhnLab  confirmed that they have detected distributed denial-of-service (DDoS) attacks on local companies' websites. According to the report, about 16 websites of 13 companies, including Daum, MSN and the JoongAng Ilbo newspaper had been affected. AhnLab said that some 10-thousand computers have been hit, mainly because they failed to install a vaccination program or update an existing one since the last cyber attack in July. The attack was detected around 4:00 p.m. on Thursday, infecting around 10,000 computer
South Korea defense bans Smartphones for data security

South Korea defense bans Smartphones for data security

Jul 04, 2013
South Korea 's Ministry of National Defense is banning its employees from using the  smart phones inside of the ministry's building in a bid to prevent military data leaks. At present, the only way to ensure sensitive corporate and Defense data is not lost is to provide employees with devices owned and controlled by the enterprise. Staffers will still be allowed to make phone calls or use text messaging services and also visitors will also be required to leave their smartphones at the entrance, officials said Wednesday. Defense ministry employees will be required to install a smart phone application which deactivates major smart phone functions like computing, Internet connectivity and the camera. Employees will be allowed to answer and make phone calls and use text messaging services and the plan will kick in on July 15.
Expert Insights / Articles Videos
Cybersecurity Resources