South Korean Universities Targeted By Chinese-Speaking Hackers

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/attacks-breaches/south-korean-universities-targeted-by-ch/240157240

By Kelly Jackson Higgins
Dark Reading
June 25, 2013

A newly discovered attack tool used by multiple groups of Chinese-speaking 
attackers has infected more than 1,000 machines in South Korea -- mainly 
universities and other academic institutions.

The so-called PinkStats malware family has been in use over the past four 
years, targeting various nation-states and organizations around the globe, 
according to Aviv Raff, CTO at Seculert, which studied the malware and posted 
its findings today.

"This is the first proof that there are Chinese-speaking attackers targeting 
[South Korea] entities," says Raff, who stopped short at confirming the 
attackers were from China. Even so, he says it's likely that they are Chinese: 
"These type of custom-made tools are usually created by the people speaking the 
language used in the tool, [such as where] Mahdi used Farsi strings," he says.

There's no evidence, either, to confirm that PinkStats was also used in the 
attacks earlier this year on South Korean banks, media networks, and an ISP 
that wiped hard drives and attached drives of infected machines. They also 
crippled targeted organizations for hours, and the machines weren't able to 
reboot. There was speculation of a North Korea or China connection to the 
attacks.

[...]



_______________________________________________
ISN mailing list
ISN () lists infosecnews org
http://lists.infosecnews.org/mailman/listinfo/isn_lists.infosecnews.org