Whois hackers, attack on South Korea and the malware


What started as a major attack on South Korean media companies and banks made Whois a major hacking group, one with no previous identity in Korea. The affected computers lost some data, and a few showed a 3 skull wallpaper, a Whois hackers banner, before they went down.

Many were confused and angry because the group directly challenged South Korea's cyber security preparation. Everyone pointed the finger at North Korea, and a malware used in the attack was found. Then came the revelation that no connection was found between North Korea and the malware. Some commented that if North Korea wanted to, it could cripple South Korean cyberspace with an attack much more sophisticated than the one which affected South Korean banks and media outlets.

The attackers planted the malware by exploiting the patch management system of South Korean antivirus company AhnLab.

And the attacks continue:-

The attacks on South Korean websites continue. This time the targets were South Korean media outlets working against North Korea. Daily NK, which is run by opponents of the North Korean government, and other associations for North Korean defectors were also paralyzed.

Malware decoded:-

F-Secure found a connection between the malware and a wiper: it overwrites files with zeros, renames them to a random filename, and finally deletes them. It also avoids files found in the Windows and Program Files directories. All this makes sense because the attacker needed the infected web server to continue hosting the defaced pages.
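
The overwrite, rename, delete sequence described above leaves a recognisable trail in file-activity telemetry. The following is an added example, not code from F-Secure or from the original post: it flags processes that repeat that chain outside the spared directories. The event format, paths, PIDs and thresholds are all constructed for illustration.

```python
from collections import defaultdict

# Constructed file-activity events, not a real tool's log format:
# (seconds, pid, operation, path, new path for a rename)
D = "C:\\Users\\kim\\Documents\\"
SAMPLE_EVENTS = [
    (1, 410, "WRITE", D + "a.doc", None),
    (2, 410, "RENAME", D + "a.doc", D + "qzkx"),
    (3, 410, "DELETE", D + "qzkx", None),
    (4, 410, "WRITE", D + "b.xls", None),
    (5, 410, "RENAME", D + "b.xls", D + "mmtr"),
    (6, 410, "DELETE", D + "mmtr", None),
    (7, 410, "WRITE", D + "c.pdf", None),
    (8, 410, "RENAME", D + "c.pdf", D + "wpla"),
    (9, 410, "DELETE", D + "wpla", None),
    # Editor "safe save": write and rename, but no delete.
    (10, 777, "WRITE", D + "notes.tmp", None),
    (11, 777, "RENAME", D + "notes.tmp", D + "notes.txt"),
    # One complete chain only, below the threshold.
    (12, 900, "WRITE", "C:\\Temp\\setup.dat", None),
    (13, 900, "RENAME", "C:\\Temp\\setup.dat", "C:\\Temp\\old"),
    (14, 900, "DELETE", "C:\\Temp\\old", None),
]

# Directories the post says the wiper leaves alone (the x86 variant is an assumption).
SPARED = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def find_wiper_like_pids(events, min_chains=3, window=60):
    """Return {pid: count} for processes completing write -> rename -> delete
    on the same file at least min_chains times, each within window seconds."""
    stage = {}                 # (pid, current path) -> (stage name, write time)
    chains = defaultdict(int)  # pid -> completed chains
    for ts, pid, op, path, new_path in sorted(events, key=lambda e: e[0]):
        if path.lower().startswith(SPARED):
            continue
        key = (pid, path.lower())
        state = stage.get(key, (None, None))[0]
        if op == "WRITE":
            stage[key] = ("written", ts)
        elif op == "RENAME" and state == "written":
            # Follow the file to its new name, keeping the original write time.
            stage[(pid, new_path.lower())] = ("renamed", stage.pop(key)[1])
        elif op == "DELETE" and state == "renamed":
            if ts - stage.pop(key)[1] <= window:
                chains[pid] += 1
    return {pid: n for pid, n in chains.items() if n >= min_chains}

if __name__ == "__main__":
    print(find_wiper_like_pids(SAMPLE_EVENTS))
```

Ignoring the spared directories keeps routine operating system and installer churn out of the results; the threshold and time window would need tuning against real telemetry.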

Source:- Yonhap News, F-Secure
