2013 Press Release

South Korea cyber attack on anniversary of Korean War

Information related to military forces in Korea and ruling party member personal information at risk

26 June 2013 – Leading global security company, Trend Micro Incorporated (TYO:4704), reports on the wave of targeted cyber attacks on South Korean government and media agencies. The attack began around 9:30am on the day of the Korean War anniversary with the defacement of the web site of the Presidential Office, Cheong Wa Dae, and extended to the office of Government Policy Coordination.

The defaced website showed a message that read “Great leader Kim Jong-un”, a reference to North Korea’s top leader. The unidentified attacker claims to be part of the hacktivist group, Anonymous, who was involved in recent #OpPetrol and #OpUSA operations, and has posted online what may be the information of 20,000 military personnel.

Website defacement is only the tip of the iceberg; personally identifiable information of members of the military and government, including the Presidential Office and the ruling Saenuri party, has been compromised.

According to Trend Micro, the attacker took an unprecedented approach, compromising a cloud storage provider to recruit a large number of machines into a botnet in a short period of time. Because the attacker compromised the server which hosted the client installation program (SIMDisk Installer EXE), and its update server, a significant number of PCs are compromised when the cloud storage client program automatically updates. Compared to the previous cyber attack in March, the attacker has gone to a new level: compromising a cloud storage provider rather than simply an update server within the organisation.

Outside South Korea, Trend Micro predicts that cyber attacks will continue to breach critical systems such as application update servers around the world. It warns that application providers must take greater care in securing their update infrastructure and that end users should be cautious of freeware and only install programs from trusted vendors.

To prevent similar attacks, Trend Micro recommends that organisations ensure their critical systems are patched immediately and monitored for unauthorised changes.

For further information on this threat please visit:
http://blog.trendmicro.com/trendlabs-security-intelligence/compromised-auto-update-mechanism-affects-south-korean-users/

To learn about the Trend Micro approach for addressing targeted cyber attacks visit us at:
http://www.trendmicro.com.au/apt/

About Trend Micro
Trend Micro Incorporated (TYO: 4704;TSE: 4704), the global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years’ experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ cloud computing security infrastructure, our products and services stop threats where they emerge – from the Internet. They are supported by 1,000+ threat intelligence experts around the globe.

Additional information about Trend Micro Incorporated and its products and services is available at TrendMicro.com. This Trend Micro news release and other announcements are available at http://newsroom.trendmicro.com and as part of an RSS feed at www.trendmicro.com/rss. Or follow our news on Twitter at @TrendMicro.