Last week a large cyber operation called DarkSeoul drew massive attention from the security community and from the rest of the world: South Korea was under cyber attack. For almost a week since then we have not been able to reach our Korean friends easily, and all sorts of news has come out on the Web.
So here is our version. We first shared it with CHROOT, HITCON and close partners, and now with you, our readers.
Well, first, how bad was it?
Let's review the impact on March 20th (thanks to GD/Chroot for the summary):
Nonghyup Bank: 2,000 computers in 30 branches affected, front desk activities suspended, more than half of the ATMs shut down
Shinhan Bank: 57 branches affected, all database systems crashed or stopped functioning, all transactions halted for 2 hours
Jeju Bank: unknown number of employees' PCs affected, all ATMs shut down
KBS TV station: 5,000 computers compromised, radio broadcasting stopped, official websites shut down
MBS TV station: 800 computers compromised, half of the employees' PCs shut down, internet connections suspended, all staff using notebooks
YTN TV station: 500 computers compromised, news broadcasting stopped
LG UPlus ISP: intranet computers compromised, website defaced
3 hours after the cyber attack, the military raised its INFOCON level from 4 to 3 (normally it is 5).
Xecure Lab did some research on the malware, and here is what we would like to share.