Destructive malware targets government and media networks in South Korea


Researchers have recently uncovered a new malicious data wiper program, dubbed Trojan.Korhigh by Symantec, that contains functionality similar to another piece of malware which took the networks of several South Korean companies offline in a matter of hours back in March. This nasty bit of malware can permanently destroy data stored on a hard drive and render computers unusable by overwriting a computer’s master boot record, which is partially responsible for allowing a computer to boot.

To make things worse, Korhigh also accepts commands that give attackers access to infected systems, allowing them to do further damage. According to a Symantec blog post, the trojan is capable of changing passwords to “highanon2013” as well as wiping over 21 different types of file on command.

Korhigh was uncovered after recent attacks made against government and media networks. According to Symantec, the group responsible for Korhigh goes by the name of DarkSeoul, which is also thought to be responsible for the March attacks.

DarkSeoul’s motivations appear to be mainly political. They are the main suspects in yet another attack, carried out last Tuesday and timed to coincide with the 63rd anniversary of the Korean War, which trashed a file storage service called Simdisk, leaving several websites inaccessible. It is still unknown whether these attacks were carried out by North Korea or some other nation.

Politically motivated cyber attacks seem to be becoming more and more prevalent these days. Quite distressing, don’t you think?

[via Arstechnica, Symantec image via Mac Forensic lab]
