As in the attack on Sony Pictures, we’ve noticed a particular Twitter user tweeting his demands at the affected company and threatening to subsequently release various KHNP documents if they are not met. Among these demands is the shutdown of nuclear power plants in Korea (nuclear power provides 29% of South Korea’s electricity requirements).
While there are definite similarities in the behavior of all these attacks, this is not enough to conclude that the parties behind the attacks are also related. All three attacks have been well documented, and it is possible that the parties behind each attack were “inspired” by the others without necessarily being tied to them. These attacks highlight Trend Micro’s findings about destructive, MBR-wiping malware, which appears to have become a part of the arsenal of several threat actors. This is a threat that system administrators will have to deal with, and not all targeted attack countermeasures will be effective against it. Techniques to mitigate the damage that these attacks cause should be considered as a part of defense-in-depth networks.
More information can be found attached or in Trend Micro’s blog post.