It has been found that repeated cyber attacks have recently occurred, targeting social infrastructure such as the government, colleges, energy companies, and Internet firms.
According to Fireeye, a company specialized in the development of anti-advanced persistent threat (APT) software, a large number of cyber attacks were directed against such organizations between August 24 and October 10 this year. Given the server IPs and specific techniques, it is assumed that the attacks were made by those who made the recent zero day attacks that took advantage of the vulnerabilities of Microsoft Internet Explorer.
The malicious code that has been revealed, backdoor.APT.Gh0st, is characterized by using local online game accounts to install itself. Then it allows hackers to collect additional account information from that computer. Fireeye said that the attackers used combinations of various existing malicious code to make this variant.
Besides, during the attacks, the hackers interrupted the operation of free virus scanners such as AhnLab’s V3 and EastSoft’s AlYac, after determining their presence or absence on PCs and servers. Virus scanner update and treatment are not available for computers infected with the code, since the systems are dominated by the it.
“The hackers used the typical GhOst RAT to have access to all of the screen display and video output via key logging, web cam, and the like sent to themselves,” Fireeye warned, adding, “This means that there can be additional information leakage and subsequent hacking attempts.”