Information about the malicious Linux files used in the SK Telecom hacking attack was released on the 25th.
The Korea Internet & Security Agency (KISA), which is investigating the SK Telecom hacking incident, posted a security notice that day titled "Recent threat information sharing and warning regarding malicious code, IP, and more used in hacking attacks".
In the notice, KISA did not mention the SK Telecom hacking incident. However, the security industry interprets the publication of the malicious code used in the BPF Door technique, which has been identified as the method employed in the SK Telecom cyber attack, as being related to this incident.
KISA noted in the notice, "Recent cases of hacking attacks targeting major systems have been confirmed, and we are sharing threat information."
It then shared attack IPs, malicious code hashes, and file information. KISA advised major institutions and corporations to "refer to the threat information, conduct their own security checks, and if traces of intrusion or breach incidents are found, report them immediately through Boho Nara (보호나라)", KISA's incident reporting portal.
BPF Door is backdoor malware that was first identified as a cyber attack technique in a 2021 threat report by PwC.
According to the report, the China-based attack group Red Menshen has used BPF Door for several years in attacks targeting the Middle East and Asia. The attack on the SK Telecom server appears to have been carried out by implanting the Linux-based malicious file known as BPF Door.
Although the BPF Door technique is used by a China-based hacking group, attributing the attackers is currently difficult because the source code used to build the malicious files was recently made publicly available (open source) on the internet.
In the security industry, suggestions have emerged that this SK Telecom hacking incident should lead to the deployment of Linux-based anti-malware software and endpoint detection and response (EDR) systems.
EDR refers to software that uses real-time analysis and artificial intelligence (AI)-based automation to protect an organization's end users, devices, and assets on Linux-based systems from cyber threats that bypass existing endpoint security tools.
The United States recommends installing Linux-based anti-malware software and endpoint detection and response (EDR) systems across all government agencies.