During the day I have been thinking about what has just happened in South Korea.
Earlier today we published a quick blog post about how the wiper payload works. It is a very simple piece of code that overwrites the MBR (Master Boot Record), leaving the affected system unable to start after a reboot.
Other companies have published information about the wiper payloads, but nobody is giving information about how the attackers gained access to the affected networks. To execute that payload they had to gain access to the companies somehow and trigger the wiping routine at the same time on the affected computers.
If the goal of the attackers was to create panic, they did not need a specific list of victims, did they? From my point of view, one of the easiest ways to gain access to several targets without having many resources or skills would be:
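As an added example (not code from the AlienVault post), here is a small defender-side check that parses a 512-byte MBR image and flags the kind of damage such a wiper leaves behind: a missing 0x55AA boot signature, an empty partition table, a boot-code region overwritten with a single filler byte, or a hash that no longer matches a baseline saved while the machine was known good. The sample MBR bytes are constructed for the example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

def build_sample_mbr():
    """Constructed sample MBR (not a real disk image): dummy boot code,
    one bootable NTFS partition starting at LBA 2048, valid boot signature."""
    boot_code = b"\xfa\x33\xc0" + b"\x90" * (446 - 3)   # cli / xor ax,ax, padded with NOPs
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 409600)
    empty = b"\x00" * 16
    return boot_code + entry + empty * 3 + BOOT_SIGNATURE

def parse_partitions(mbr):
    """Return the non-empty entries of the 4-slot partition table at offset 446."""
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype != 0:
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return parts

def baseline_hash(mbr):
    """SHA-256 of the sector, to be stored while the machine is known good."""
    return hashlib.sha256(mbr).hexdigest()

def check_mbr(mbr, known_good_sha256=None):
    """Return a list of findings; an empty list means the MBR looks intact."""
    findings = []
    if len(mbr) != SECTOR_SIZE:
        return ["sector is not 512 bytes"]
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if not parse_partitions(mbr):
        findings.append("no partition entries")
    if len(set(mbr[:446])) == 1:
        findings.append("boot code region is a single repeated byte (zeroed or filled)")
    if known_good_sha256 and baseline_hash(mbr) != known_good_sha256:
        findings.append("hash differs from saved baseline")
    return findings

if __name__ == "__main__":
    good = build_sample_mbr()
    print("intact:", check_mbr(good, baseline_hash(good)))
    print("wiped:", check_mbr(b"\x00" * SECTOR_SIZE))
```

On a live system the 512 bytes would come from reading sector 0 of the boot disk with administrative rights; comparing against a baseline hash catches overwrites that keep a valid-looking signature and partition table.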
- Buy an exploit kit and a malware kit, hack into websites and redirect victims to your malicious infrastructure.
or even better:
- Rent one or more botnets that already have access to hundreds of computers and try to find victims inside interesting targets.
Read more: http://labs.alienvault.com/labs/index.php/2013/a-theory-on-the-south-korean-attacks/