The South Korean police have arrested the chief executive officer and five employees of a company for manufacturing over 240,000 satellite receivers that included functionality for launching distributed denial-of-service (DDoS) attacks. According to authorities, this feature was requested by a foreign client company for illicit purposes.
A scheme of cyberattacks hidden in consumer devices
The events date back to November 2018, when a foreign company, whose identity has not been disclosed, specifically requested that the satellite receivers manufactured by the South Korean supplier include the capability to launch DDoS attacks. This functionality, used to overwhelm systems with a large volume of traffic, was allegedly requested to counteract attacks from a competitor.
From January 2019 to September 2024, the manufacturer distributed over 240,000 receivers worldwide. Of these, 98,000 units shipped with the DDoS module pre-installed, while the rest received the malicious functionality through subsequent firmware updates. The users of these devices, who were unaware that the feature existed, could have been unwitting participants in the cyberattacks and experienced a decrease in the performance of their equipment.
Interpol and South Korean authorities unveil the plot
The scheme was uncovered thanks to information provided by Interpol in July of this year. The international organization alerted South Korean authorities about a foreign company (referred to as “Company A”) that was importing satellite receivers equipped with DDoS capabilities from a South Korean manufacturer (“Company B”). A technical analysis of the devices confirmed that the DDoS module was integrated into the firmware during the updates.
Arrests and economic sanctions
The six individuals arrested in South Korea face charges for violations of the Act on Promotion of the Use of Information and Communication Networks and Protection of Information, legislation that regulates the use and security of networks in the country. Additionally, authorities have seized assets from the company valued at 61 billion won (approximately $4.35 million), an amount corresponding to the profits obtained from the sale of the malicious receivers.
While the operators of the foreign company that acquired the devices remain at large, South Korean authorities are working in international collaboration to track down and arrest those responsible outside the country.
Implications and warnings
The case highlights how everyday technologies can be manipulated to carry out large-scale cyberattacks. Moreover, it underscores the need for stricter controls on connected devices and international cooperation in the fight against cybercrime.
Authorities are warning consumers and businesses about the risks of using electronic equipment without verifying its origin and technical specifications, especially when these devices may receive software updates from unknown sources.
via: Bleeping Computer and Police Korea