North Korea ships malware-infected games to South Korean users, uses them to launch DDoS attacks

Summary: Seoul's Metropolitan Police Agency has intercepted a cyber attack plot orchestrated by North Korea's Reconnaissance General Bureau, which successfully shipped malware-infected games to South Korean users.

According to an independent report published in Korea's JoongAng Daily, Seoul's Metropolitan Police Agency has intercepted a cyber attack plot orchestrated by North Korea's Reconnaissance General Bureau: malware-infected games were shipped to South Korean users, and the infected machines were later used to launch a DDoS attack against the web site of Incheon Airport.

More details:

According to the police, the South Korean man, identified by the surname Jo, traveled to Shenyang, northeastern China, starting in September 2009 and met agents of an alleged North Korean trading company. He allegedly asked them to develop game software to be used in the South.

Jo purchased dozens of computer games for tens of millions of won, a third of the cost of the same kind of software in the South. The games were infected with malignant viruses, of which Jo knew, an official at the police agency said.

Jo sold the games to South Korean operators of online games. When people played the games, the viruses used their computers as zombies, through which the cyberattack was launched.

This is the second attempt by North Korea in recent months to engage in electronic warfare with South Korea, following its use of GPS jammers, which caused difficulties for air and marine traffic control.

What's particularly interesting about the infection vector in this campaign is that it is not a novel approach to spreading malware. Instead, it exploits a chain of trust: games of unknown origin, sellers' claims that they are malware-free, and, at the end of the chain, bargain hunters who accept those claims because of the price. Software piracy has long proven to be a key driving force behind the growth of malware campaigns internationally.
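The weak link described above is that the buyer's only assurance was the seller's word. The added example below (not code from the original article or from any party involved in the case) shows the check a distributor or operator could have applied instead: verifying every shipped file against a publisher-provided SHA-256 manifest obtained out of band. The manifest format (sha256sum-style "digest  filename" lines), the file names and the file contents are all constructed for the illustration; the "tampered" package models a trojanised executable plus an extra dropped library.

```python
import hashlib
import hmac


def build_manifest(files):
    """Produce the manifest a publisher would ship out of band.

    `files` maps filename -> bytes. The format is sha256sum-style:
    "<64 hex chars>  <filename>", one entry per line (an assumption
    made for this example, not something the article specifies).
    """
    lines = [f"{hashlib.sha256(files[name]).hexdigest()}  {name}"
             for name in sorted(files)]
    return "\n".join(lines) + "\n"


def parse_manifest(text):
    """Parse a manifest into {filename: lowercase hex digest}.

    Rejects malformed or duplicate entries rather than silently
    skipping them: a manifest that cannot be parsed must not be
    treated as "nothing to verify".
    """
    expected = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"manifest line {lineno}: malformed entry")
        digest, name = parts
        try:
            bytes.fromhex(digest)
        except ValueError:
            raise ValueError(f"manifest line {lineno}: digest is not hex")
        if name in expected:
            raise ValueError(f"manifest line {lineno}: duplicate entry {name!r}")
        expected[name] = digest.lower()
    return expected


def verify_package(files, manifest_text):
    """Check a shipped package against its manifest.

    Returns (ok, findings). Findings are strings tagged MISSING,
    MODIFIED or UNEXPECTED. A file the manifest does not list is a
    finding too: an extra dropped DLL is exactly what a trojanised
    build looks like.
    """
    expected = parse_manifest(manifest_text)
    findings = []
    for name, digest in expected.items():
        if name not in files:
            findings.append(f"MISSING {name}")
            continue
        actual = hashlib.sha256(files[name]).hexdigest()
        # Constant-time comparison; both sides are ASCII hex strings.
        if not hmac.compare_digest(actual, digest):
            findings.append(f"MODIFIED {name}")
    for name in files:
        if name not in expected:
            findings.append(f"UNEXPECTED {name}")
    return (not findings, sorted(findings))


# Constructed sample data (not a real game, not real malware).
CLEAN_PACKAGE = {
    "game.exe": b"MZ\x90\x00 clean game binary (constructed)",
    "assets.pak": b"PAK1 level data (constructed)",
    "readme.txt": b"Thanks for buying the game.\n",
}
MANIFEST = build_manifest(CLEAN_PACKAGE)

# Same package after a hypothetical trojanising step: the executable is
# altered and an extra library has been dropped in.
TAMPERED_PACKAGE = dict(CLEAN_PACKAGE)
TAMPERED_PACKAGE["game.exe"] = CLEAN_PACKAGE["game.exe"] + b" + bot loader"
TAMPERED_PACKAGE["update.dll"] = b"MZ\x90\x00 dropped component (constructed)"

INCOMPLETE_PACKAGE = {k: v for k, v in CLEAN_PACKAGE.items() if k != "assets.pak"}


if __name__ == "__main__":
    for label, pkg in (("clean", CLEAN_PACKAGE),
                       ("tampered", TAMPERED_PACKAGE),
                       ("incomplete", INCOMPLETE_PACKAGE)):
        ok, findings = verify_package(pkg, MANIFEST)
        print(f"{label:10s} ok={ok} findings={findings}")
```

Two caveats a practitioner would add. First, the digest only helps if the manifest reaches you through a channel the seller does not control (the publisher's own site, a signed release), otherwise the seller simply ships a manifest that matches the infected build. Second, as the police account of this case makes clear, no integrity check protects an operator who knowingly buys infected software; the check is for the honest buyer further down the chain.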

The distribution of malware-infected games reminds me of a case in Eastern Europe in the 1990s, where a malware coder who took part in a popular IT magazine's coding contest deliberately backdoored his game, which ended up being shipped to thousands of subscribers on a magazine-branded CD. That case was an example of flawed QA (Quality Assurance) on the magazine's part; here, by contrast, South Korean authorities claim that the person who purchased the games knew they were infected with malware, which explains the lower purchase price.

Just how big of a cyber threat is North Korea? It is an emerging player that has actively invested in the capability over the years, that much is certain.

In my recent conversation with cyber warfare expert Jeffrey Carr, he pointed out that he doubts Russia or China would knowingly supply the irrational North Korea with cyber warfare know-how. However, Russia's or China's chain of command doesn't need to know that any such outsourcing takes place: North Korea could easily outsource to sophisticated cybercriminals who do it for the money, not for the fame.

Who do you think currently poses a bigger cyber threat to the United States - Russia, China, Iran or North Korea?

Find out more about Dancho Danchev at his LinkedIn profile, or follow him on Twitter.

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

13 comments
  • Why would anyone from South Korea

    trust somebody from North Korea, and ask them to develop game software to be used in the South.

    This would be like someone from Israel asking an Iranian video game company to develop games for them.

    You really don't know who you're talking to at that point
    William Farrel
    • DDoS attacks

      The original article did not note if the South Korean was not working for the North. He knew the software had a virus.

      There are Koreans in the South that are pro North Korea. Every year South Koreans get caught spying for North Korea or a North Korean agent is caught.

      The software targeted the Inchon Airport and many government sites in South Korea with DDoS.
      daikon
  • Oh I love this new Trojan Horse prototype

    Can't wait for our pals the Chinese Communists to *catch on* and package in a few well-timed, strategic surprises in all those hi-tech goods we import in the name of "multinational co-dependence." The Sino Reconnaissance Bureau would be rolling over in stitches -- who knew it could be so easy?

    "Serve the People" as Mao used to say. ;)
    klumper
    • too late

      They already do so in hardware.
      Sqrly
    • They can try HOWEVER

      with the screening that the DoD does, those things wouldn't stay 'secret' for long and would be found.
      Lerianis10
    • Been Going On for Years

      Check out an article published by The Council on Foreign Relations in Foreign Affairs magazine from Sep/Oct 2010 titled "Defending a New Domain" and you will find how deep the rabbit hole goes on Chinese backdoors. The article is written by William J Lynn III (yes, the guy who ran the Pentagon at the time) and talks about how the US DoD discovered that the Chinese had infiltrated many major US corporations, defense contractors and military systems through the use of counterfeit chips that look like the real thing, slipped into the supply chains at the Chinese manufacturing plants where these devices were made.
      cabdriverjim
  • War

    Act of War
    MoeFugger
  • Biggest Cyber Threat to US

    I personally think that China is overrated in the information warfare game and that (speaking from my own probing of Chinese high profile networks) their own networks are largely insecure.
    I think that Russia has the best capability and perhaps the best existing IT security for their government / military computers.
    However, Iran is probably the most likely nation to launch cyber attacks openly and directly on the US because they have already been targeted. In a way, Iran is the Estonia of the non-Western world when it comes to cyber security.
    f0real
  • Air Traffic Control Computers / Embedded Systems at Incheon Airport?

    Can somebody tell me if this is true?

    I heard that along with this DDoS thing that South Korea is investigating a Stuxnet-style virus that infected ATC systems at Incheon Airport.
    f0real
    • ATC Systems

      The last report I saw the police were looking into. Nothing has been reported if anything was found.
      daikon
  • How much longer do you think the 'net will be viable?

    'Stuxnet' came from the 'good guys'. 'Flame' grew from who-knows-where. Targets were supposedly in the Middle East. Both are now being picked apart by various folks with money and resources, and will likely reappear in 'new' and 'exciting' versions. Re: Air Traffic Control: Years ago the FAA contracted with companies in India to write/update ATC software.
    nostril
    • But they were doing so in order to "protect our freedoms"

      ;-)
      otaddy
  • Who?

    Pfft.... China, hands down.
    Hallowed are the Ori