Skip to content

2013 Press Release

S. Korea Cyber-Attacked on the Day of Korean War Anniversary

Information related to Military Forces in Korea and Ruling Party Member Personal Information at Risk

[Taipei, 26 June, 2013] – The leading global security company Trend Micro Incorporated (TYO:4704), reports of another wave of targeted cyber-attacks on South Korean government and media agencies. The attack began around 9:30am, on the day of the Korean War anniversary, with the defacement of the Presidential Office – Cheong Wa Dae’s web site, and extending to the office of Government Policy Coordination.

The defaced website showed message that read “Great leader Kim Jong-un" - North Korea’s top Leader. The unidentified attacker claims to be part of the hacktivist group, Anonymous, who was involved in recent #OpPetrol and #OpUSA operations, and has posted online what may be 20,000 military personnel information. Website defacement is only the tip of the iceberg; personal identifiable information of the members of the military and government, including the Presidential Office, and the ruling Saenuri party has been compromised.

According to Trend Micro, the attacker took an unprecedented approach in compromising a cloud storage provider to harvest a large number of botnet in a short period of time. By compromising the server which hosted the client installation program (SIMDisk Installer EXE), and its update server, a significant number of PCs are compromised when the cloud storage client program automatically updates. Compared to the previous cyber-attack in March, the attacker has taken this to a whole new level. Instead of compromising an update server within an organization, the attacker compromised a cloud storage provider.

Trend Micro predicts that cyber-attacks will continue to breach critical systems such as application update servers. Therefore, application provider must take greater care in securing their update infrastructure. Secondly, end users should be cautious of freeware and only install programs from trusted vendor.

To prevent such an attack, organizations must ensure their critical systems are patched immediately and monitored for unauthorized changes.

For further information on this threat, please check:
http://blog.trendmicro.com/trendlabs-security-intelligence/compromised-auto-update-mechanism-affects-south-korean-users/

To learn about Trend Micro approach for addressing targeted cyber-attacks visit us at:
http://apac.trendmicro.com/apt/

About Trend Micro
Trend Micro Incorporated (TYO: 4704;TSE: 4704), the global cloud security, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years’ experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ cloud computing security infrastructure, our products and services stop threats where they emerge – from the Internet. They are supported by 1,000+ threat intelligence experts around the globe.

Additional information about Trend Micro Incorporated and the products and services are available at Trend Micro.com. This Trend Micro news release and other announcements are available at http://newsroom.TrendMicro.com and as part of an RSS feed at www.trendmicro.com/rss. Or follow our news on Twitter at @TrendMicro.


Connect with us on