Tag Archive: Chinese hackers


The anti-virus company Symantec said today that it has analyzed the code used during yesterday’s cyber attack on South Korean bank and TV servers.

The company concluded that the large-scale attack used Windows malware that includes a module for removing information, including from Linux machines. According to Symantec, the malware was named Jokra and is a rather unusual development.

“We quite rarely see components of malicious programs that run on several operating systems at once, so the code is quite interesting in this regard. It is interesting to see how attackers try to hurt Linux machines even when the code was originally created under Linux,” Symantec said.

Jokra also contains components that check Windows machines for the program mRemote, which hosts modules for remote control of different platforms.

According to official data, South Korea is now investigating the latest attack. It is known that it hit four banks and a number of local TV stations. Today, representatives of South Korea said that the cyber attack was carried out from Chinese IP addresses. Some time ago, the Korean telecom regulator said that hackers used Chinese IP addresses to attack with the aim of placing malicious code on Korean computers. The regulator also stated that it has not yet completed the investigation and continues to search for the ultimate organizers of the attack.

The Republic of Korea reported that the hacker attacks on its television stations and banks were carried out from an IP address registered in China.

The authorities of the affected country suggest that North Korea could have carried out the attack through a Chinese proxy.

Some time ago, the Korean telecom regulator said that hackers used Chinese IP addresses to attack with the aim of placing malicious code on Korean computers. The regulator also stated that it has not yet completed the investigation and continues to search for the ultimate organizers of the attack.

This is also indicated by one of the sources in the presidential administration. As a result of the hacker attack, servers of the television companies YTN, MBC and KBS stopped working, as well as those of two large banks, Shinhan Bank and NongHyup Bank.

“Unidentified Chinese hackers used IP addresses to communicate with the servers of Korean organizations and to place the malware. At this stage, we continue to make efforts to establish the source of the attacks. We are not drawing any conclusions yet, but at the same time we do not rule anything out,” said the head of the Korean telecom regulator, Park Jae-moon.

Independent research company Mandiant today published another study on attacks on U.S. IT infrastructure by the demonized and ubiquitous “Chinese hackers”. However, while earlier investigations and revelations largely focused on some “Chinese hackers” positioned as a “thing in itself”, Mandiant openly suggests a connection between the hackers and the People’s Liberation Army of China.

According to the report, China’s military operates a so-called “Unit 61398”, engaged in the development and implementation of APT (Advanced Persistent Threat) attacks. The report says its authors believe that “Unit 61398” is funded with Chinese public money and acts in the interests of Chinese state agencies. Mandiant is convinced that the unit has sufficient resources, capabilities and knowledge to carry out APT attacks.

Mandiant’s investigation showed that “Unit 61398” is physically based in Pudong, a suburb of Shanghai. The unit has its own headquarters with an area of over 12,000 square meters. Mandiant says that in China “Unit 61398” is a state secret: no official authority has recognized its existence or said anything about its activities. Similarly, a few decades ago, the U.S. acted the same way with regard to the NSA.
