High profile hacking

I’ve never played the popular online game “The Legend of Mir”. According to some of my friends – who are big fans – I’m really missing out. Yet, I may soon have to take a look and see it for myself, to understand what is driving hundreds of thousands of players to desperate measures, even going so far as to kill each other, in real life, over virtual property connected with the game.

All popular places and flourishing economies attract the attention of the bad guys. So it’s no surprise that online gaming sites, which sometimes receive as many as a hundred thousand visits a day, make excellent vectors to deliver malware.

During the past month, at least two high profile Korean websites, www.msn.co.kr and www.koreabaseball.or.kr have been hacked and turned into malware distribution points.

Earlier today, our Korean colleagues from Geot informed us that the trend is continuing. Worse, attacks directed at turning popular websites into malware distribution points are on the rise. A couple of websites which act as portals for the players of the online games Lineage, Hangame and Pmang have been hacked and turned into malware distribution points. The malware in question is Trojan-PSW.Win32.Turtle.a and Backdoor.Win32.GrayBird.bs. Both of them were being deployed through a set of scripts which attempted to exploit various Internet Explorer vulnerabilities – a standard approach.

For the time being, the websites have been cleaned and properly secured against future attacks. However, we are expecting more attacks directed at online gaming portals, especially in Korea but also worldwide.

If you are the administrator of a popular website, keep this in mind: the amount of attention you receive from the bad guys will be directly proportional to the number of visitors to your site.
