South Korea’s Military Cyber Command Hacked

This week we hear how South Korea’s Military Cyber Command got hacked and how a Mac Trojan uses the Russian space program as a front.

Breach

South Korea’s Military Cyber Command Hacked

South Korea found malicious code in the systems of its military cyber command center, and North Korea is the number one suspect in the hack. It is unclear how the code got into the system, but it targeted a “vaccine routing server” on the cyber command network, which provides additional security to approximately 20,000 military computers that access the internet.

An investigation is underway to identify where the attack originated. It has yet to be confirmed, but there are indications that it came from North Korea.

References: South Korea Military Cyber Command Hacked | Attack on South Korean "Vaccine" Router Blamed on North Korea | S. Korea's Military Cyber Command Hacked Last Month

Mitigation Strategies:

  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection. 
  • Log management could detect any suspicious user account activity
  • Web application protection to detect suspicious web traffic
  • FIM solution would detect any type of file modification or addition

Malware

Mac Trojan Uses Russian Space Program as a Front

Komplex, a new Trojan, has been identified by security researchers. It has the ability to download, execute, and delete files on infected Mac OS X machines. The malware spreads through phishing emails about Russia’s space program that carry what appears to be a 17-page PDF document but is actually a package of tools that attempts to communicate with its creators’ command-and-control servers. This includes sending back the OS version, username, and list of running processes on the infected system.

References:  Sofacy APT Targeting OS X Machines with Komplex Trojan | Russian 'Fancy Bear' Hackers Hit Mac OS X With New Trojan | New Mac Trojan Uses The Russian Space Program as a Front

Mitigation Strategies:

  • Mail filtration would scan incoming files and hyperlinks for any malicious links or code
  • Web filtration to prevent users from clicking on malicious websites
  • Anti-virus would detect file infection on the local host
  • FIM solution would detect any type of file modification or addition
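The mail-filtration point above can be made concrete with a check for the lure described in this story: an attachment named as a PDF whose contents are not a PDF at all. The following is an added example written for this post, not code from the original article or from any vendor; the attachment names and byte contents are constructed for illustration.

```python
# Added example (not from the original post): a minimal mail-filter check that
# flags attachments presented as PDF documents whose contents are really a
# Mach-O executable or a zipped package. Sample attachments are constructed.
import os

PDF_MAGIC = b"%PDF-"
# Mach-O magic values in both byte orders, plus the fat/universal header.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",   # 32-bit
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",   # 64-bit
    b"\xca\xfe\xba\xbe",                        # fat binary
}
ZIP_MAGIC = b"PK\x03\x04"   # app bundles and tool packages are often zipped


def classify(content: bytes) -> str:
    """Return the real type of an attachment from its leading bytes."""
    if content.startswith(PDF_MAGIC):
        return "pdf"
    if content[:4] in MACHO_MAGICS:
        return "mach-o"
    if content.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"


def verdict(filename: str, content: bytes) -> str:
    """'allow' when declared and actual types agree, 'quarantine' otherwise."""
    ext = os.path.splitext(filename)[1].lower()
    actual = classify(content)
    if ext == ".pdf":
        return "allow" if actual == "pdf" else "quarantine"
    # Executables and packages are never delivered, whatever the name claims.
    if actual in ("mach-o", "zip"):
        return "quarantine"
    return "allow" if actual != "unknown" else "review"


# Constructed sample attachments (hypothetical names and contents).
SAMPLE_ATTACHMENTS = {
    "space_program_overview.pdf": b"%PDF-1.4\n% constructed benign document\n",
    "russia_space_program.pdf": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,  # Mach-O as PDF
    "tools.zip": b"PK\x03\x04" + b"\x00" * 26,
}


def scan_attachments(attachments=SAMPLE_ATTACHMENTS) -> dict:
    """Map each attachment name to the filter's verdict."""
    return {name: verdict(name, data) for name, data in attachments.items()}


if __name__ == "__main__":
    for name, result in scan_attachments().items():
        print(f"{result:10s} {name}")
```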

Top 20 Malicious IP Addresses


*IP addresses provided by Recorded Future.