Hackers Use PinkStats Malware

Wednesday, June 26, 2013 @ 01:06 PM gHale

A Chinese-speaking cybercriminal group targeted several organizations and nation states from all over the world, security researchers said.

Evidence collected by Seculert shows that PinkStats, the malware the attackers use as their main download component, has been a part of cyber attacks since 2009.

Most recently, the malware has targeted dozens of organizations from South Korea, the researchers said. Experts said this campaign, which resulted in the infection of over 1,000 machines, is one of the largest operations that used the PinkStats malware.

In the attacks against South Korean organizations, PinkStats downloaded two additional pieces of malware on the infected devices.

The first is a Chinese attack tool called “zxarps,” which allows the attackers to inject iframes into active web sessions. The second component downloaded by PinkStats is a distributed denial-of-service (DDoS) tool disguised as a piece of software from a South Korean antivirus company, AhnLab.

To date, the DDoS tool has not received specific instructions from the attackers. However, experts believe this might change soon, considering that South Korea’s cyber infrastructure has been the target of such attacks.

“This is not the first time we have seen Chinese attackers target entities from other Asian countries,” said Aviv Raff, Seculert CTO.

“However, while it was speculated that the Chinese are behind the recent DDoS attack against South Korea’s critical infrastructure, PinkStats seems to be the first real proof that Chinese-speaking adversaries are indeed targeting South Koreans,” he said.
