South Korean Government Attacked By New Trojan Korhigh

Unknown | 00:05 | 0 comments

In the middle of another wave of attacks hitting government and media organizations in South Korea, researchers at Symantec have uncovered yet another piece of malware that destroys sensitive hard drive data and renders machines unusable.



The new malware is called Korhigh (named by security firm Symantec) and contains the same kind of functionality that simultaneously shut down the systems of half a dozen banks and broadcasters in March. Korhigh's disclosure on Thursday came a day after researchers at Symantec said they had identified the hacking group responsible for the March attacks. This newly identified Darkseoul group is also responsible for a wave of attacks that hit South Korea on Tuesday and were apparently timed to coincide with the 63rd anniversary of the start of the Korean War.

Like the earlier Jokra malware, Korhigh can overwrite a hard drive's master boot record, which holds information needed for the computer to reboot, and can likewise permanently destroy stored data. Korhigh can accept several commands that allow attackers to inflict additional damage inside a system. One such "switch" can change passwords on compromised machines to "highanon2013", according to a blog post published Thursday by Symantec. Another wipes particular types of files, including those that end in .PHP, .Dll, .GIF and 21 other file extensions.

Symantec researchers also wrote in Wednesday's blog post: "We can now attribute numerous past high-profile assaults to the Darkseoul posse in the course of the most recent 4 years against South Korea, notwithstanding yesterday's attack… the strikes incorporate the destructive Jokra ambushes in March 2013 that wiped various machine hard drives at South Korean banks and TV broadcasters." The Darkseoul group was also held responsible for the attacks on South Korean financial companies in May 2013.

As is almost always the case with network computer attacks, positively identifying the perpetrators is extremely difficult and often prone to error. It is still not clear that the Darkseoul group is behind the newly uncovered Korhigh Trojan. It is also unknown whether there are connections between the various groups identified and whether any of them are sponsored by governments of other countries, for example North Korea or China.

That said, these latest disclosures show that politically, nationalistically, or ideologically motivated computer attacks, often with the goal of causing physical destruction, are a growing and dangerously tricky threat.

SOURCE: http://arstechnica.com/security/2013/06/hard-drive-wiping-malware-part-of-new-wave-of-threats-targeting-south-korea/
