AhnLab says the attackers haven't exploited security holes in their products

Mar 25, 2013 08:33 GMT
AhnLab provides more details about the attacks against South Korean organizations

Last week, over 32,000 computer servers operated by South Korean financial institutions and broadcasters were compromised by a piece of malware. 

Some reports have revealed that the attackers might have utilized a security hole in the products of AhnLab, a South Korean antivirus company whose solutions are used by many of the victims of the attack.

However, according to AhnLab, the attackers haven’t exploited a security hole in the company’s products to deliver the malicious code. Instead, they somehow obtained user IDs and passwords for patch management systems located on the affected networks.

By gaining access to the patch management systems, the cybercriminals were able to distribute the malicious elements by disguising them as new software and software updates.

Richard Henderson, a threat researcher for FortiGuard Labs, told Wired that the pieces of malware utilized in the attack were programmed to activate on March 20 at 2PM local time. At precisely 2PM, the malicious elements started wiping the master boot records of the infected machines.