Destover: Destructive malware has links to attacks on South Korea

2014-12-04, Symantec
https://www.symantec.com/connect/blogs/destover-destructive-malware-has-links-attacks-south-korea
#Destover

Contents

Backdoor.Destover, the destructive malware that was the subject of an FBI Flash Warning this week, shares several links to earlier attacks directed at targets in South Korea. Some samples of Destover report to a command-and-control (C&C) server that was also used by a version of Trojan.Volgmer crafted to attack South Korean targets. The shared C&C indicates that the same group may be behind both attacks.
Volgmer is a targeted piece of malware, likely used by a single group, which has been used in limited attacks, possibly as a first-stage reconnaissance tool. It can be used to gather system information and download further files for execution. Significantly, the version of Volgmer that shares a C&C with Destover was configured specifically to attack South Korean targets and will only run on Korean computers.
Destover also shares some techniques and component names with the Jokra attacks against South Korea in 2013. However, there is …