Norway and South Korea have been subjected to large-scale cyber attacks
Last week, the largest Norwegian telecommunications company Telenor said that its internal network was attacked, and this incident is classified as an industrial cyber espionage. It is reported that the attackers were able to penetrate into the internal network of the company, as well as gain access to personal computers of top managers. Telenor specialists turned to the police and CERT for an investigation into this incident. The company's information security manager, Rune Dyrlie, commented that the attackers were able to gain access to the company's confidential information.
As in the case of other major cyber attacks on well-known companies and publications earlier this year (NY Times, Washington Post, Twitter, Facebook), in the case of Telenor, the attack was recorded after experts noticed anomalous traffic passing between the internal network and the Internet . In particular, anomalous network activity was recorded on computers of several top managers. As a result of the investigation, it was established that the attackers had stolen electronic correspondence, files, passwords and other personal information from these computers. In addition, the attackers managed to establish control, that is, get full access, to compromised computers. Also, details about the malware that were used in this attack were not disclosed, but it is reported that the threats were installed on computers via phishing emails sent by email. These letters contained a zip archive with malware.
')
It is safe to say that the attack on Telenor is included in the tandem of the latest attacks on the largest companies and publications that we mentioned above. In the case of Telenor, everything seems to be even worse, since the company does not hide the fact that the confidential data of the company's management computers have been compromised. The main shareholder of Telenor is the government of Norway, which makes it a state-controlled company. It employs more than 30 thousand people worldwide and its profit from the provision of telecommunication services totals about $ 18 billion.
Today, three Korean broadcasting, media companies (KBS, MBC and YTN), as well as two large banking institutions (Shinhan and Nonghyup) reported that they suffered from a large cyber attack, which, apparently, was a success by the attackers, and also brought out building the internal networks of these companies for several hours. A KBS employee tweeted the following screen photo of his laptop monitor. Obviously, the OS boot error occurs already at the stage when the computer is managed by the BIOS and is related to the inability to transfer control of the OS loader, which indicates that the MBR partition table or the boot sector has been corrupted. This perceived targeting, as well as the symptoms of MBR damage, indirectly indicate the use of malicious code similar to Shamoon .
In this case, the attack was accompanied by a deface of some South Korean sites with a message from the "Whois Team".
As in the case of other major cyber attacks on well-known companies and publications earlier this year (NY Times, Washington Post, Twitter, Facebook), in the case of Telenor, the attack was recorded after experts noticed anomalous traffic passing between the internal network and the Internet . In particular, anomalous network activity was recorded on computers of several top managers. As a result of the investigation, it was established that the attackers had stolen electronic correspondence, files, passwords and other personal information from these computers. In addition, the attackers managed to establish control, that is, get full access, to compromised computers. Also, details about the malware that were used in this attack were not disclosed, but it is reported that the threats were installed on computers via phishing emails sent by email. These letters contained a zip archive with malware.
')
It is safe to say that the attack on Telenor is included in the tandem of the latest attacks on the largest companies and publications that we mentioned above. In the case of Telenor, everything seems to be even worse, since the company does not hide the fact that the confidential data of the company's management computers have been compromised. The main shareholder of Telenor is the government of Norway, which makes it a state-controlled company. It employs more than 30 thousand people worldwide and its profit from the provision of telecommunication services totals about $ 18 billion.
Today, three Korean broadcasting, media companies (KBS, MBC and YTN), as well as two large banking institutions (Shinhan and Nonghyup) reported that they suffered from a large cyber attack, which, apparently, was a success by the attackers, and also brought out building the internal networks of these companies for several hours. A KBS employee tweeted the following screen photo of his laptop monitor. Obviously, the OS boot error occurs already at the stage when the computer is managed by the BIOS and is related to the inability to transfer control of the OS loader, which indicates that the MBR partition table or the boot sector has been corrupted. This perceived targeting, as well as the symptoms of MBR damage, indirectly indicate the use of malicious code similar to Shamoon .
In this case, the attack was accompanied by a deface of some South Korean sites with a message from the "Whois Team".
Source: https://habr.com/ru/post/173609/
All Articles