simdisk
SimDisk South Korean cloud storage auto-update delivered DDoS malware
In July 2013, suspected DPRK-aligned actors (the DarkSeoul/Lazarus cluster) abused the auto-update mechanism of SimDisk, a popular South Korean personal cloud-storage client, to push a malicious update to its users. The update dropped a DDoS bot that was used in attacks against South Korean government and media targets timed around the 25 June 2013 anniversary commemoration. The compromise was disclosed by ESET and by several Korean AV vendors, and it is widely attributed to the same actor cluster behind the earlier 20 March 2013 wiper attacks against South Korean banks and broadcasters.
- Date
- 2013-07-09 to 2013-07-10
- Category
- Commercial
- Target Surface
- Distribution
- Insertion Phase
- Distribution
- Impact
- DDoS
- Cause
- Update infrastructure compromise
What Was Affected
Package
simdisk
Language
c++
Component
Application
Artifact type
binary archive
Domain type
vendor
Domain
simdisk.co.kr
Incident Context
- Motive
- Disruption
- Attribution
- Nation-state
- Transitive
- No
- Observed Duration
- 1 day
External References
Source Data
Source record: proprietary/simdisk/meta.yaml