Search results for Korean cyber attack | Breaking Cybersecurity News | The Hacker News

Hackers aligned with North Korea have always been accused of attacking and targeting South Korean organizations, financial institutions, banks and media outlets. Recent reports indicate that North Korean hackers have hacked into more than 140,000 computers of at least 160 South Korean government agencies and companies, and allegedly injected malware in the systems. The cyber attack was designed to lay for a long term period against its rival, authorities in Seoul said. The South Korean police were on high alert against cyberattacks by the North Korean hackers, especially after North Korea successfully tested a miniaturized hydrogen bomb in January and a long-range rocket launch in February, Reuters reports . According to the police, the hacking attack began in 2014 but was detected only in February this year, after North Korea managed to steal information from two companies: the SK and Hanjin Group. The documents stolen from the two companies included blueprints for the wi...

Koreans have once again gain media attention but this time not as an accused of any kind of hack attack, but as a victim of a severe attack on computers systems at a nuclear power plant in South Korea by an unknown hacker or a group. South Korea was hit by a cyber attack on its nuclear power plant, causing the operator to conduct drills in order to test the ability of the nuclear plant to cope with a full-scale cyber-attack. Although the plant's operator says no critical data has been leaked. The cyber attack came into light after a hacker posted blueprints of nuclear reactors online and threatened further "leaks" unless authorities close down the reactors. According to the South Korean Yonhap News Agency, the hacker was able to access blueprints of reactors, floor maps and other internal information on the plant. Last week with the help of a Twitter account named " president of anti-nuclear reactor group ," the hacker posted leaked data revea...

The United States Treasury Department on Friday announced sanctions against three state-sponsored North Korean hacking groups for conducting several destructive cyberattacks on US critical infrastructure. Besides this, the hacking groups have also been accused of stealing possibly hundreds of millions of dollars from financial institutions around the world to ultimately fund the North Korean government's illicit weapons and missile programs. The three North Korean hacking groups in question are the well-known Lazarus Group , and its two sub-groups, Bluenoroff and Andariel . The sanctions announced by the Treasury Department's Office of Foreign Assets Control (OFAC) claim that all the three groups are "agencies, instrumentalities, or controlled entities of the Government of North Korea" based on their relationship with Pyongyang's central intelligence bureau called the Reconnaissance General Bureau (RGB). Specifically, the sanctions aim to lock any fore...

McAfee Lab researchers issued a report on the large scale cyber attacks against South Korea that appear to be linked to hackers also specialized in cyber espionage . The attackers behind these recent attacks against South Korean infrastructure are skilled professionals and they designed a specialized malware to steal military secrets from the South Korea and US military networks. The cyber espionage campaign dubbed as " Operation Troy ", due the numerous references into the source code analyzed to the city. McAfee said that in 2009, malware was implanted into a social media website used by military personnel in South Korea Ryan Sherstobitoff, a senior threat researcher at McAfee, started the investigation after the malware came into action in an attacks occurred on March 20th, known as the Dark Seoul Incident , in which tens of thousands of hard drives belongs to television networks and banks in South Korea were wiped completely. Versions of the code...

Computer networks at major South Korean banks and top TV broadcasters crashed simultaneously Wednesday, during a Massive cyber attack. South Korean police investigating reports from several major broadcasters and banks. least three broadcasters KBS, MBC and YTN and the Shinhan and Nonghyu banks reported that their computer networks had been crached. The state-run Korea Information Security Agency said that Screens went blank at 2 p.m. and more than seven hours later some systems were still down.  The take down was apparently not from a distributed denial-of-service (DDOS) attack, but a virus that has apparently infected machines in these organizations and delivered its payload simultaneously. An official at the Korea Communications Commission said investigators speculate that malicious code was spread from company servers that send automatic updates of security software and virus patches. The Associated Press says: " The latest network para...

Security researchers have finally, with "high confidence," linked a previously discovered global cyber espionage campaign targeting critical infrastructure around the world to a North Korean APT hacking group. Thanks to the new evidence collected by researchers after analyzing a command-and-control (C2) server involved in the espionage campaign and seized by law enforcement. Dubbed Operation Sharpshooter , the cyber espionage campaign targeting government, defense, nuclear, energy, and financial organizations around the world was initially uncovered in December 2018 by security researchers at McAfee. At that time, even after finding numerous technical links to the North Korean Lazarus hacking group , researchers were not able to immediately attribute the campaign due to a potential for false flags. Researchers Analysed Sharpshooter's Command Server Now, according to a press release shared with The Hacker News, a recent analysis of the seized code and command...

A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. Google-owned Mandiant is tracking the activity cluster under a new moniker APT45 , which overlaps with names such as Andariel, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Silent Chollima, and Stonefly. "APT45 is a long-running, moderately sophisticated North Korean cyber operator that has carried out espionage campaigns as early as 2009," researchers Taylor Long, Jeff Johnson, Alice Revelli, Fred Plan, and Michael Barnhart said . "APT45 has been the most frequently observed targeting critical infrastructure." It's worth mentioning that APT45, along with APT38 (aka BlueNoroff), APT43 (aka Kimsuky), and Lazarus Group (aka TEMP.Hermit), are elements within North Korea's Reconnaissance General Bureau ...

As we are nearing the end of 2022, looking at the most concerning threats of this turbulent year in terms of testing numbers offers a threat-based perspective on what triggers cybersecurity teams to check how vulnerable they are to specific threats. These are the threats that were most tested to validate resilience with the  Cymulate security posture management platform  between January 1st and December 1st, 2022. Manjusaka Date published: August 2022 Reminiscent of Cobalt Strike and Sliver framework (both commercially produced and designed for red teams but misappropriated and misused by threat actors), this emerging attack framework holds the potential to be widely used by malicious actors. Written in Rust and Golang with a User Interface in Simple Chinese (see the workflow diagram below), this software is of Chinese origin. Manjusaka carries Windows and Linux implants in Rust and makes a ready-made C2 server freely available, with the possibility of creating custom im...

If you believe that your organization is not at real risk of cyber attack, then you are absolutely wrong. Incidents of massive data breaches, advanced cyber attacks coming from China , groups like Syrian Electronic Army , Hacking Point of Sale machines at retailers such as Target have splashed across the news in the last one year. Whether a Government Agency or Private Company, Small or a Large Tech Company.... ...It's no secret that No one is Immune to Cyber Attacks . This article is the first in a two-part series from The Hacker News , listing first four out of  Top 7 Brutal Cyber Attacks. And here we go... #1 "Hacking Team" Data Breach Hacking Team , the controversial spyware company, recently been hacked by some unidentified hackers that exposed over 400 gigabytes of its internal sensitive data on the Internet. Milan (Italy) based IT firm 'Hacking Team' sells intrusion and surveillance software solutions to Governments and Law Enforcement agen...

A story has been making the rounds on the Internet since yesterday about a cyber attack on an Indian nuclear power plant. Due to some experts commentary on social media even after lack of information about the event and overreactions by many, the incident received factually incorrect coverage widely suggesting a piece of malware has compromised "mission-critical systems" at the Kudankulam Nuclear Power Plant . Relax! That's not what happened. The attack merely infected a system that was not connected to any critical controls in the nuclear facility. Here we have shared a timeline of the events with brief information on everything we know so far about the cyberattack at Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu. From where this news came? The story started when Indian security researcher Pukhraj Singh tweeted that he informed Indian authorities a few months ago about an information-stealing malware, dubbed Dtrack, which successfully hit "extre...

Yesterday we reported about a massive Cyber attack on South Korea that was responsible for shutting down networks of South Korean banks and TV broadcasters. Police are still investigating the cyber attack  but the country's Communications Commission has revealed that the hacking originated from a Chinese IP address. Symantec Security team analyze the code used in the cyber attacks against South Korea and they discovered an additional component used in this attack that is capable of wiping Linux machines.  The malware, which it called Jokra, contains a module for wiping remote Linux machines. ' The included module checks Windows 7 and Windows XP computers for an application called mRemote, an open source, multi-protocol remote connections manager. ' Symantec said. McAfee also published an analysis of the attack code, which wrote over a computer's master boot record, which is the first sector of the computer's hard drive that the computer checks before ...

The hackers group responsible for the last year's largest hacking attack on Sony Pictures Entertainment left many clues which proves that the Sony's hackers , who called themselves Guardians of Peace (GOP) , linked to North Korea, as claimed by the Federal Bureau of Investigation (FBI). Speaking at the International Conference on Cyber Security (ICCS) at Fordham University in New York on Wednesday, the director of the FBI defended his bureau's claim and said that the North Korean government was involved in the massive cyber attack against Sony Pictures – saying skeptics " don't have the facts that I have ." " There's not much I have high confidence about, " James Comey said, as reported by the FBI New York field office's official Twitter feed. " I have very high confidence... on North Korea. " According to Comey, the hackers usually relied on proxy connections to hide their real IP address each time they sent threatening ...

German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as  Kimsuky  using rogue browser extensions to steal users' Gmail inboxes. The  joint advisory   comes  from Germany's domestic intelligence apparatus, the Federal Office for the Protection of the Constitution (BfV), and South Korea's National Intelligence Service (NIS). The intrusions are designed to strike "experts on the Korean Peninsula and North Korea issues" through spear-phishing campaigns, the agencies noted. Kimsuky , also known Black Banshee, Thallium, and Velvet Chollima, refers to a  subordinate element  within North Korea's Reconnaissance General Bureau and is known to "collect strategic intelligence on geopolitical events and negotiations affecting the DPRK's interests." Primary targets of interest include entities in the U.S. and South Korea, particularly singling out individuals working within the government, military...

Ask an expert on cyber espionage and he for sure he will speak of China, the most active and advanced country in this sector, this time a clamorous campaign apparently originated from Korea has been discovered. Security company FireEye collected evidences of a cyber espionage campaign, named " Sanny ", attributable to Korea. FireEye hasn't revealed the real origin of the offensive, it's a mystery which Korea is responsible between North or South Korea, but it confirmed that 80% of victims are Russian organizations and companies belonging to space research industry, information, education and telecommunication. According Ali Islam, security researcher at FireEye declared " Though we don't have full concrete evidence, we have identified many indicators leading to Korea as a possible origin of attack."   The following are the indicators we have so far: 1. The SMTP mail server and CnC are in Korea 2. The fonts "Batang" and "KP CheongPong" used in the ...

The U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world. " Rim Jong Hyok and his co-conspirators deployed ransomware to extort U.S. hospitals and health care companies, then laundered the proceeds to help fund North Korea's illicit activities," said Paul Abbate, deputy director of the Federal Bureau of Investigation (FBI). "These unacceptable and unlawful actions placed innocent lives at risk." Concurrent with the indictment, the U.S. Department of State announced a reward of up to $10 million for information that could lead to his whereabouts, or the identification of other individuals in connection with the malicious activity. Hyok, part of a hacking crew dubbed Andarie...