
SANS Internet Storm Center (SANS ISC) InfoSec Forums

Untangling the News from South Korea

The morning has brought a lot of links pointing to a number of different computer security incidents coming out of South Korea.  It certainly sounds like the end of the world if you lump them all together and attribute them to a single actor.  However, I don't think that is the case.

Sifting through them I can tease out what appear to be 4 different threads to the story.  In no particular order I have seen:

I'd like to urge readers to not link these 4 events together without additional analysis.  Kaspersky linked the defacement with the wiper malware, despite this same warning being present in the news article that they linked to (I still heart you guys though.)  The timelines on these events are still not clear, and the methods indicate different actors and motivations to me.

Kevin Liston

292 Posts
ISC Handler
Mar 20th 2013
Do you think that one incident triggered a piling-on effect among non-coordinated actors?

1 Posts
I've been keeping a blog post updated as events unfold here. I'm tracking what we know, what's changed and some analyses of the information.
