China investigating IT suppliers linked with Apple for polluting rivers

Local authorities in China are investigating two electronics suppliers linked with Apple and also reportedly HTC of dumping heavy metals in the country's rivers after watchdog groups accused them of damaging the environment.

Last week, five Chinese environmental groups issued a report claiming that factories of Foxconn Technology Group and Unimicron Technology had been polluting rivers in the country's Taihu basin, where the cities of Shanghai and Kunshan are located.

The groups claimed the factories from the two suppliers had dumped large amounts of nickel and copper that had been poisoning the nearby water and soil, and threatening the health of local residents. At the Foxconn facilities, the water was described as black, and carrying an "awful stench". The affected soil had become yellow and red in color, and planted crops were also unable to grow. (A video of the report can be found here.)

On Friday, Kunshan's environmental protection bureau said it would investigate the matter, and monitor the water drained by the facilities. Any violations found will be dealt with, the city said in statement posted on the its official microblog account.

Taiwan-based Foxconn, which builds products for Apple, Microsoft and Sony, said it was aware of the claims made by the environmental groups, but said the waste treatment from its facility in Kunshan was in line with local regulations.

"The river that runs through the middle of that industrial park receives waste water discharges from a number of companies that are based in the park," the company said in a statement. Foxconn also said it was supporting government plans to protect the Taihu lake basin, and advocated other companies should do the same.

Unimicron, another Taiwan-based company, did not immediately respond to a request for comment.

The dumping of the heavy metals by electronic suppliers usually comes from the manufacturing of printed circuit boards, according to the Chinese environmental groups. Copper toxicity can cause the poisoning of fish and soil, and lead to cardiovascular illness in humans, while nickel is a known carcinogen, the groups added.

In its report, the environmental groups said they suspected Unimicron's facility in the lake basin of supplying to smartphone maker HTC.

In response, HTC said, "The company has been taking a proactive approach to ensure proper and prudent supply chain management," and works to ensure all of its suppliers follows the company's code of conduct.

In recent years, Chinese environmental groups have been critical of electronic manufacturers in the country for polluting. In the past, Apple was accused of failing to prevent its suppliers from damaging the environment. Apple later agreed to jointly audit one of its suppliers' factories in China with a prominent environmental group in the country. Apple did not respond when asked to comment on the investigations by Kunshan's environmental protection bureau.

New disk wiper malware linked to attacks in South Korea

A new piece of malware designed to delete files from hard disk drives and render computers unable to boot targets South Korean users, according to researchers from security firm Symantec.

 

The malware is similar to the Jokra Trojan program that was used in March to wipe the hard drives of computers belonging to several banks and TV broadcasters in South Korea, leading to significant disruptions of their operations.

 

The attack in March was attributed by security experts to a hacker gang called "DarkSeoul" that's also believed to be responsible for the distributed denial-of-service attacks from Tuesday against South Korean websites, including that of South Korean President Park Guen-hye.

 

The new hard-drive wiper malware is called Trojan.Korhigh and was found by Symantec researchers during their investigations into cyberattacks in South Korea. "Trojan.Korhigh has the functionality to systematically delete files and overwrite the Master Boot Record (MBR) on the compromised computer, rendering it unusable," the Symantec researchers said Thursday in a blog post.

 

The Master Boot Record (MBR) resides at the beginning of a storage drive and contains information about how that drive is partitioned. It also includes boot code that runs before the operating system starts. If the MBR is missing, a computer will no longer be able to load the operating system.

 

In addition to overwriting the MBR on compromised computers, the Korhigh Trojan program can also wipe files with specific extensions, including executable files, libraries, Web pages, videos and images.

 

The malware can also be instructed to change the user passwords on the infected computers to highanon2013 and to replace the desktop wallpaper with an image that mentions a group called High Anonymous.

 

Korhigh gathers information such as the operating system version, the computer's name and the current date from infected computers and uploads the data to remote servers, the Symantec researchers said.

 

South Korean officials frequently blame North Korean hackers for cyberattacks against local organizations and websites. However, there is also technical evidence linking some computer attacks in South Korea to Chinese-speaking hacker groups.

 

Earlier this week, researchers from Israeli security firm Seculert reported that a piece of malware called PinkStats has been used by Chinese hackers to compromise over 1,000 computers belonging to dozens of organizations in South Korea, including many educational institutions.

 

The identities of the attackers behind the Korhigh Trojan program cannot be confirmed, the Symantec researchers said, noting that their investigation of the threat continues.

 

 

South Korean cyberattacks linked to known gang

One well-known gang of hackers contributed to cyberattacks on South Korea on Tuesday, which coincided with the 63rd anniversary of the start of the Korean War, according to analysis from Symantec.

 

The attacks on Tuesday disabled websites, including that of South Korean President Park Guen-hye. North Korea is frequently suspected of having a hand in the attacks, which have coincided with the anniversaries of significant historical events, but definitive attribution is difficult.

 

Symantec wrote some of the distributed denial-of-service (DDoS) attacks were likely conducted by a group named "DarkSeoul," which has carried out destructive, high-profile campaigns against South Korea and the U.S. for at least four years.

 

DarkSeoul is also believed to have been behind the March 20 cyberattacks against South Korea that used Jokra. It is a piece of malware designed to overwrite a computer's master boot record, which is the first sector of the computer's hard drive that the computer checks before the operating system is booted. The attacks hit at least three television stations and four banks.

 

This time around, Symantec wrote that DarkSeoul seeded websites with "Castov," a tampered version of a legitimate program called SimDisk.

 

SimDisk is a file-sharing and storage application, according to a writeup by Trend Micro. The SimDisk installer was modified to change the website the application uses to receive updates to a malicious one. The same infection technique was also used for another application called Songsari.

 

"We currently do not have exact details about the method of compromise, but this shows that users also need to be vigilant about the security of the auto-update mechanism of the vendors they choose to trust," wrote Marco Dela Vega, a threats researcher with Trend.

 

Once it infects a machine, Castov downloads more components, even utilizing the TOR (The Onion Router) network. TOR is a worldwide network of servers that routes Web traffic with a high degree of anonymity through many servers and obscures a computer's real IP (Internet Protocol) address.

 

"The attacks conducted by the DarkSeoul gang have required intelligence and coordination and in some cases have demonstrated technical sophistication," Symantec wrote.

 

"Symantec expects the DarkSeoul attacks to continue and, regardless of whether the gang is working on behalf of North Korea or not, the attacks are both politically motivated and have the necessary financial support to continue acts of cybersabotage on organizations in South Korea."