South Korean Government Attacked By New Trojan:Korhigh

Amid a new wave of attacks hitting government and media networks in South Korea, researchers at Symantec have uncovered yet another piece of malware that destroys sensitive hard drive data and renders computers unusable.


The new malware program is called Korhigh (named by security firm Symantec) and contains the same kind of functionality that simultaneously shut down the networks of half a dozen banks and broadcasters in March. Korhigh’s discovery on Thursday came a day after researchers at Symantec said they had identified the hacking group responsible for the March attacks. This newly identified DarkSeoul group is also responsible for a wave of attacks that hit South Korea on Tuesday and were apparently timed to coincide with the 63rd anniversary of the start of the Korean War.

Like the earlier Jokra malware, Korhigh can overwrite a hard drive’s master boot record, which contains information required for the computer to reboot, and can also permanently destroy stored data. Korhigh accepts several commands that allow attackers to inflict additional damage inside a system: one such “switch” changes passwords on compromised computers to “highanon2013”, according to a blog post published Thursday by Symantec. Another wipes specific types of files, including those that end in .php, .dll, .gif and 21 other file extensions.

Symantec researchers also wrote in Wednesday’s blog post: “We can now attribute multiple previous high-profile attacks to the DarkSeoul gang over the last 4 years against South Korea, in addition to yesterday’s attack…The attacks include the devastating Jokra attacks in March 2013 that wiped numerous computer hard drives at South Korean banks and television broadcasters.” The DarkSeoul group was also held responsible for the attacks on South Korean financial companies in May 2013.
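One way a defender could look for the bulk file-wiping behaviour described above, as an added example that is not part of the original article or of Symantec’s research: a small Python heuristic that flags any process deleting several files of the named extensions within a short time window, run over constructed sample file-system events (the event format, the process ids, the threshold and the window length are all assumptions).

```python
import os
from collections import defaultdict

# Constructed sample file-system events (not real Korhigh telemetry), one per
# line as "HH:MM:SS pid action path". Process 4120 deletes many of the named
# file types within seconds; process 7788 deletes a few, spread over minutes.
SAMPLE_EVENTS = """\
10:00:01 4120 DELETE C:\\inetpub\\wwwroot\\index.php
10:00:01 4120 DELETE C:\\inetpub\\wwwroot\\login.php
10:00:02 4120 DELETE C:\\Windows\\Temp\\helper.dll
10:00:02 4120 DELETE C:\\Users\\Public\\banner.gif
10:00:03 4120 DELETE C:\\Users\\Public\\logo.gif
10:00:03 4120 DELETE C:\\Users\\Public\\notes.txt
10:00:04 7788 DELETE C:\\Users\\alice\\cache.dll
10:05:00 7788 DELETE C:\\Users\\alice\\old.gif
10:09:00 7788 DELETE C:\\Users\\alice\\old2.gif
10:12:00 7788 DELETE C:\\Users\\alice\\old3.php
"""

# The three extensions the report names; the remaining 21 are not on the page.
WIPED_EXTENSIONS = {".php", ".dll", ".gif"}

def to_seconds(hhmmss):
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s

def parse_events(text):
    """Yield (seconds, pid, path) for DELETE events of a listed extension."""
    for line in text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) != 4 or parts[2] != "DELETE":
            continue
        if os.path.splitext(parts[3])[1].lower() in WIPED_EXTENSIONS:
            yield to_seconds(parts[0]), parts[1], parts[3]

def find_bulk_deleters(text, threshold=4, window=60):
    """Return {pid: peak_count} for processes that delete at least `threshold`
    listed files inside any `window`-second span (sliding window per pid)."""
    by_pid = defaultdict(list)
    for ts, pid, _ in parse_events(text):
        by_pid[pid].append(ts)
    flagged = {}
    for pid, times in by_pid.items():
        times.sort()
        start, peak = 0, 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # drop events older than window
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[pid] = peak
    return flagged
```

On the sample above only process 4120 is flagged (5 listed files deleted within 60 seconds); the threshold and window would be tuned against a host’s normal deletion rate before use.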
As is almost always the case with network computer attacks, positively identifying the perpetrators is extremely difficult and sometimes prone to errors. It’s still not clear that the DarkSeoul gang is behind the newly discovered Korhigh Trojan. It’s also unknown if there are connections between the various groups identified and if any of them are sponsored by governments from other nations such as North Korea or China.
That having been said, these recent discoveries indicate that politically, nationalistically, or ideologically motivated computer attacks, often with the goal of causing physical destruction, are a growing and dangerous threat.