SK Hack by an Advanced Persistent Threat
Command Five Pty Ltd
September 2011
ABSTRACT
This document summarises the July 2011 intrusion into SK Communications which culminated in the theft of the personal information of up to 35 million people. It describes the use of a trojaned software update to gain access to the target network, in effect turning a security practice into a vulnerability. It also describes the use of a legitimate company to host tools used in the intrusion. Links between this intrusion and other malicious activity are identified and valuable insights are provided for network defenders. Technical details of malicious software and infrastructure are also provided.
WARNING
This paper discusses malicious activity and identifies Internet Protocol (IP) addresses, domain names, and websites that may contain malicious content. For safety reasons these locations should not be accessed, scanned, probed, or otherwise interacted with unless their trustworthiness can be verified.
SK HACK
On 28 July 2011 SK Communications announced it had been the subject of a hack which resulted in the theft of the personal …