DDoS features in satellite devices installed in South Korea

The Korean National Police Agency has arrested the CEO and five employees of a South Korean company for a peculiar cybercrime. The company has been manufacturing and exporting a large number of satellite receivers with embedded Distributed Denial of Service (DDoS) attack capabilities. The arrest followed a tip-off from Interpol in July, when the case piqued the interest of international law enforcement.

The receivers were allegedly enhanced with DDoS functionalities at the request of a foreign entity specialising in illegal broadcasting. This entity, which remains unidentified, reportedly sought DDoS functionalities to counter-attack DDoS activity from a competing illegal broadcaster. The South Korean National Police Agency reported that the devices were either pre-installed with malware or modified via firmware updates after export.

The relationship between the South Korean manufacturer and the foreign entity dates back to 2017, demonstrating a long-standing partnership. The malicious capabilities were added to the satellite receivers in November 2018. The DDoS functionalities were embedded directly into the receivers, effectively disguising them as ordinary broadcasting equipment. The modifications enabled the devices to launch cyberattacks on command, exploiting their distribution in networks of unsuspecting users.

From January 2019 to September 2024, the manufacturer shipped 240,000 satellite receivers, 98,000 of which had a DDoS module pre-installed, while the rest received it through a firmware update after delivery. This case serves as a stark reminder of the potential for any device to be weaponised for DDoS, with users of these satellite receivers involuntarily participating in attacks and potentially experiencing reduced device performance while the attacks are running.

In response to these illegal activities, a South Korean court authorized the seizure of the company’s assets and the confiscation of $4.35 million, the revenue reportedly earned from selling the malicious satellite receivers. An international arrest warrant has also been issued for a foreign buyer linked to the client firm, which is considered a key player in orchestrating the illegal activities surrounding the DDoS-capable satellite receivers.


About FastNetMon

FastNetMon delivers versatile DDoS detection software for companies at any scale. With extensive experience in the telecom, mobile, and cloud computing industries, we take pride in preventing DDoS attacks and protecting our customers’ networks to the highest standard. 

Find out more: https://fastnetmon.com/
