Stolen logins used to distribute malware in South Korea attacks
Security vendor AhnLab claims credentials were used to access patch management systems and distribute malware.
Security vendor AhnLab has confirmed that stolen login details were used to carry out cyber attacks against South Korean banks and broadcasters last week.
As reported by IT Pro last week, hackers brought down several broadcasters and major banks in South Korea, in a series of attacks that have been linked to North Korea and China.
It is thought the attacks affected 32,000 servers managed by the banks and broadcasters.
A malware analysis by security vendor AlienVault said the attack had been caused by a piece of code that overwrites the master boot record and stops computers restarting after a reboot.
But, at the time of last week's report, the firm was unable to shed any light on how the malware gained access to the systems.
However, South Korea-based security vendor AhnLab has now claimed the hackers obtained user IDs and passwords to deliver the malware during some of the attacks.
"The credentials were used to gain access to individual patch management systems located on the affected networks," said the company in a statement.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
"Once the attackers had access to the patch management system they used it to distribute the malware much like the system distributes new software and updates."
Speaking to IT Pro, Simon Edwards, regional manager for the UK at AhnLab, confirmed the attackers were able to use the logins to infiltrate his firm's patch management tools.
"There was no compromise of our own systems at any point, but they managed to get our user names and passwords from somewhere," he added.
The company also claims the malware can be detected in real-time and deleted using its multi-dimensional protection technology.
Caroline Donnelly was the news and analysis editor of IT Pro. Previously, she worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.
-
Cyber experts issue alert after two ransomware groups team up on ‘unprecedented’ threat campaignNews The tie-up includes a new model of industrialized ransomware deployment that significantly lowers the barrier to entry for cyber crime
-
Agentic AI 'breaks the traditional SaaS seat licensing model'News Incumbent software vendors will need to work harder than ever to compete with agile, AI-focused disruptors