On March 20 at 14:00, the MBR and VBR boot records were erased on computers running Windows, and files on Unix/Linux servers were deleted through standard remote management, after authorization data was obtained from infected Windows machines.
The list of targets:
- Nonghyup Bank;
- Shinhan Bank;
- Jeju Bank;
- Nonghyup Life;
- KBS TV;
- MBC TV;
- YTN TV.
The malware was analyzed by security experts from the South Korean company NSHC. Every day they released an updated version of their Red Alert report with information about the incident; the latest is version 1.6 of March 22 (pdf).
Based on the available information, it can be concluded that the "destruction" of the adversary's computer resources was carried out in a simple but effective way.
The following diagram shows how the dropper and the malicious utilities operate on the infected PC.
On several of the hacked sites, the attackers placed a beautiful animation.