South Korean Universities Targeted by PinkStats Malware
PinkStats infects computers, downloads additional programs and reports back to a central server, says security firm Seculert.A Chinese attack tool, dubbed PinkStats, is being actively used to infect South Korean university networks and install denial-of-service attack tools, security firm Seculert stated in a June 25 analysis of the malware. PinkStats has infected at least 1,000 computer systems, mostly in educational institutions within the country, using a technique known as Address Resolution Protocol (ARP) poisoning to insert data into network requests and infect additional systems in the compromised network. Several Chinese-speaking groups are using the malware and the command-and-control server software to manage a number of campaigns, Aviv Raff, chief technology officer for Seculert, told eWEEK. Although no evidence exists that the groups have any relationship with the Chinese government, the tools are in Chinese and the attackers appear to be focused on strategically important targets for China, he said. "They are trying to get into the network to gain more computational power in addition to gaining access to intellectual property from those universities," Raff said. "My guess is that this is more likely hacktivists working under nation-states, rather than cyber-criminals, because they don't just try to infect machines opportunistically."
The issue of nation-state hacking has become a major political issue. In early June, high-level diplomatic talks between the United States and China addressed cyber-attacks and the theft of intellectual property from U.S. companies. While U.S. politicians blame China for the epidemic of attacks that have taken terabytes of information from corporate and government services, Chinese officials have pointed to evidence connecting the U.S. with the Stuxnet attack on Iranian nuclear processing capability.