South Korean Government issued an warning for a possibility of provocation by North Korea that may occur around The Party Foundation Day (10/10). Followed by recent physical provocations such as nuclear tests and missile launches, level of tension has heightened due to a possibility of cyber attacks.
South Korea’s cyber security industries went into a state of emergency response on the 9th due to North Korea’s cyber provocation such as ‘AllCry’ ransom ware that was spread on the 29th of September. Vice Minister Shim Bo-kyun of Ministry of the Interior and Safety visited National Information Resources Service on the 2nd and examine current status of cyber safety. Korea Internet & Security Agency is also observing closely on possibilities of cyber attacks that may occur on the 10th when people are going back to work after a long holiday weekend.
Security industries are paying attention towards possibilities of AllCry ransomware being spread again on the 10th. AllCry ransomware occurred at the start of a holiday weekend just like WannaCry that struck the world in this past May. Not only is AllCry is a cyber attack that targeted South Korea but it is also able to wreck systems by encrypting EXE files along with documents, pictures, and files.
Whoever spread AllCry falsified himself or herself as a South Korean webhard user and a PUP (Potentially Unwanted Program) internet advertisement sponsor and secretly spread ransomware. Technique that falsified a webhard installation module is same as how DDoS attack spread its files on the 7th of July in 2009. “We found that malware has similar parts as the ones that were used by North Korea in the past.” said a cyber warfare analyst. “We quickly shared this information with related organizations.”

Photo Image
<AllCry ransom note (Reference: ESTsecurity’s blog) >

Cyber attacks with a purpose of securing funds are also taking place at the moment as cyber attacks that are targeting bitcoin exchanges are happening currently. Malware was found from a Korean document that camouflaged itself as a job application form for a bitcoin trading site.
British daily newspaper called The Times quoted former director Robert Hannigan who served as the head of an information institution that specializes in wiretapping and monitoring and reported that North Korea’s level of hacking is becoming like a premier league player. “North Korea is working with criminal organizations from Iran, South-East Asia, and China and has enhanced its hacking abilities.” said Hannigan. “North Korea can outsource criminal organizations and attempt hacking attacks on a third country.” Robert Hannigan also said that North Korea puts up with enormous amount of risks when it attempts to hack and does not care about occurrence of second losses and that there is limitations in how the western world deals with North Korea’s hacking attacks.”
North Korea also secured a new internet access line. Bloomberg reported that Russia’s communication service provider called TransTelecom is providing internet to South Korea. Previously North Korea received internet service from a China’s state business. TransTelecom is under JSC, which is a railroad company operated by Russian Government and is one of the five largest Russian communications service providers. “North Korea has secured an additional path via Russia and avoided internet access blocking by the U.S..” said CTO Bryce Boland for Asia Pacific at FireEye.
Staff Reporter Kim, Insoon | insoon@etnews.com