Information Security News mailing list archives

North Korea prime suspect after crude Trojan aimed at South Korean think tanks


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 12 Sep 2013 07:02:16 +0000 (UTC)

http://news.techworld.com/security/3468265/north-korea-prime-suspect-after-crude-trojan-aimed-at-south-korean-think-tanks/

By John E Dunn
Techworld
11 September 2013

Kaspersky Lab has uncovered what looks like a surprisingly clunking attempt by North Korean hackers to steal data from think-tanks in hated neighbour South Korea using a poorly-concealed Trojan.

The Russian firm’s analysis makes clear that attribution for ‘Kimsuky’ can’t be laid at the door of North Korea with absolute certainty, but it’s hard to see why anyone else would be so interested in its target list.

These include, among 11 South Korean organisations, the Sejong Institute, the Korea Institute For Defense Analyses (KIDA), the Ministry of Unification government department, and Hyundai Merchant Marine, all most likely attacked using some form of spear phishing.

The malware first turns off the Windows firewall and the Windows service that alerts users to this event and, if it is present, tries to disable firewall software from South Korean firm AhnLab, an antivirus client extremely popular with businesses in the country.

[...]
