back to article Thailand seizes server linked to North Korean attack gang

A server hidden in a Thai university and allegedly used as part of a North Korean hacking operation has been seized by ThaiCERT. Thailand's infosec organisation announced last Wednesday that the box was operated by the Norks-linked Hidden Cobra APT group, and was part of the command-and-control rig for a campaign called …

  1. Anonymous Coward
    Anonymous Coward

    It took four years to get an IP address from the logs?

  2. Anonymous Coward
    Anonymous Coward

    They went through 7 proxies man, 7!!!!!!!!!

    1. Sgt_Oddball Silver badge

      Sounds like the plot of some spy/hacker movie...

      Though no EMP nuke weapons platform involvement yet....

      1. Anonymous Coward
        Anonymous Coward

        Seven proxies for Seven brothers reboot?

  3. Anonymous Coward
    Anonymous Coward

    Which McAfee?

    Which McAfee? The man or the company?

    1. Anonymous Coward
      Anonymous Coward

      Re: Which McAfee?

      It's the hot beverage from McDonalds.

  4. Anonymous Coward
    Anonymous Coward

    You'll have to nuke it from orbit

    just to be sure

  5. Anonymous Coward
    Anonymous Coward

    The IP of where the attack comes from...

    ... is no indication of who is in control of it.

    First thing to do when launching an attack is compromise a remote machine and launch the attack from there.

    1. EveryTime Silver badge

      Re: The IP of where the attack comes from...

      No, the first thing to do is modify the remote machine to report the wrong IP address to the logger.

      The next machine along the way you modify the logger binary to change the IP address logged.

      The next machine along the way is the canary.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019