Home Phishing Hackers Used Spear Phishing Emails to Start South Korean Banks Attacks

Hackers Used Spear Phishing Emails to Start South Korean Banks Attacks

Posted: March 27, 2013

south korean banks attacked spear phishingLast week there were several attacks that targeted major South Korean organizations, some of which were banking institutions. Researchers from AhnLab and F-Secure uncovered what appears to be spear phishing emails used in the attacks, revealing a malicious archive.

Tools used for exploiting vulnerabilities within organizations, especially banking institutions, come in many forms. The use of spear phishing techniques, the act of specifically targeting a user or department in an organization, is yet another stumbling block for South Korea banks just like it has been on a global scale for many years.

The malicious archive discovered has a name that translates to: "The customer's account history." With such a name, researchers may have initial suspected an attack on banking accounts. After further examination, that is exactly what was revealed where the single file in the archive was titled "shinhancard_2103231_0343342." After finding this, it was notice that Shinhan, the name of a prominent bank in South Korea, was one of the targeted financial institutions.

The malware itself was actually created on March 17th, just days before many South Korean organizations and banks reported disruptions from malicious attacks. The attack carried out, possibly rooting from phishing email archive files, was one that is capable of deleting data. The wiper malware observed in the attacks did not need to infect all systems as it has the ability to delete data from remote systems using login information found in SSH client configuration files.

Loading...