North Korea uses infected games to attack South Korea
Even in the theater of international cyberwarfare, good old civilian attack vectors are used. In the case of the recent DDoS attack on South Korea’s Incheon International Airport, the malware culprit snuck onto end-user computers as they played Trojanized games.
The attacks, which disrupted departures at the airport two or three times in the Spring of 2011, were part of a complex plot orchestrated by the North Korean Reconnaissance General Bureau. It kicked off back in 2009, when a South Korean national named Jo bought a bevy of games from agents masquerading as a legitimate trading company, all of which had been infected with malware. Both these facts, said investigators, were identified by the purchaser. The games had been bought at a heavy discount (about a third of what South Koreans normally pay) and then re-sold to website operators in the South.
Beyond turning players’ computers into zombies, authorities also believe that Jo may have passed along personal information about more than 100,000 registered customers to the North Koreans.
Although DDoS attacks may lack the complexity of a Stuxnet or Flame, they can still be incredibly effective. They are the go-to weapon of Anonymous, and we’ve seen them take down everything from the PlayStation Network to the CIA site.
North Korea’s intentions are likely a bit more ambitious than shutting down high-profile internet servers in the South, of course. Security authorities think they have their sights set on further disrupting the country’s infrastructure by way of hacking and malware-based attacks. It will be interesting to see what else North Korea has tried to infect as a means of gaining access to crucial South Korean systems.
More at Zero Day