EDITION : English/Korean

Nav
Updated

Duuzer Malware Attacks South Korea’s Manufacturing Industry; Security Firm Symantec Deems South Korea “An Attractive Target” To Cyber Attackers

by Czarelli Tuason / Nov 10, 2015 06:35 PM EST
Hand typing on computer | By: Rafe Swan | Getty Images

Security firm Symantec noted that Organizations in South Korea are now being targeted by a malware called the "Duuzer" from an unknown source that seems to have its eyes on the country's manufacturing industry.

Duuzer is a sneaky backdoor program capable of working on 32-bit and 64-bit Windows versions that allows hackers full access to infected computers. The attackers are then able to steal system information; manipulate and delete processes, files and commands and a lot more, noted CSO Online.

"It's clearly the work of skilled attackers looking to obtain valuable information," said Symantec security response team researchers.

Once a computer is infected with the Duuzer virus, the hackers will try to conceal the malware by imitating existing applications.

"The attackers appear to be manually running commands through the back door on affected computers," noted Symantec in a blog post. "In one case, we observed the attackers creating a camouflaged version of their malware, and in another, we saw them attempting to, but failing to deactivate Symantec Endpoint Protection (SEP)."

 According to Security Week, the Duuzer malware seems to be the brainchild of the same group that's responsible for the Brambul and Joanap threats that have been going around South Korea, downloading payloads and snooping on infected computers.

Brambul works by connecting to IP addresses and is granted access by using common passwords such as "12123," "password," "abc123," "iloveyou" and "login." Once a machine is infected, the virus paves the way for network sharing that allows hackers to access the system drive. It then sends vital information from the computer to a preconfigured address.

Joanap, on the other hand, is a backdoor program like Duuzer that gathers and sends specific files to hackers.

With South Korea's large number of big international and local firms, it comes to no surprise why many attackers target the country.

"The numerous malicious campaigns in the region highlight how attackers continue to see South Korea as an attractive target," explained Symantec researchers.

Like us and Follow us
© 2024 Korea Portal, All rights reserved. Do not reproduce without permission.
Connect with us : facebook twitter google rss

Subscribe to our Newsletter

Don't Miss

Real Time Analytics