back to article Thailand seizes server linked to North Korean attack gang

A server hidden in a Thai university and allegedly used as part of a North Korean hacking operation has been seized by ThaiCERT. Thailand's infosec organisation announced last Wednesday that the box was operated by the Norks-linked Hidden Cobra APT group, and was part of the command-and-control rig for a campaign called …

Anonymous Coward

It took four years to get an IP address from the logs?

3
0
Reply
Anonymous Coward

They went through 7 proxies man, 7!!!!!!!!!

5
0
Reply
Silver badge
Mushroom

Sounds like the plot of some spy/hacker movie...

Though no EMP nuke weapons platform involvement yet....

0
0
Reply
Anonymous Coward

Seven proxies for Seven brothers reboot?

1
0
Reply
Anonymous Coward

Which McAfee?

Which McAfee? The man or the company?

1
0
Reply
Anonymous Coward

Re: Which McAfee?

It's the hot beverage from McDonalds.

12
0
Reply
Anonymous Coward

You'll have to nuke it from orbit

just to be sure

0
0
Reply
Anonymous Coward

The IP of where the attack comes from...

... is no indication of who is in control of it.

First thing to do when launching an attack is compromise a remote machine and launch the attack from there.

2
0
Reply
Silver badge

Re: The IP of where the attack comes from...

No, the first thing to do is modify the remote machine to report the wrong IP address to the logger.

The next machine along the way you modify the logger binary to change the IP address logged.

The next machine along the way is the canary.

1
1
Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018