South Korea and USA
Multiple governmental and financial sites in South Korea and the United States
EFFECT OF ATTACKS:
Floods peaked at ~13GBps
Initial speculation: North Korea (1,2,3). Later reports pointed to Great Britain, then the USA (5,6).
South Korean intelligence reported that it had been traced to a cyberwarfare division of the North Korean army (1,2,3). The later reports that point to UK/USA do not specify.
TYPE OF ATTACK:
Malware spread through email, utilizing the older MyDoom worm; infections started ~May 2009 (1). Estimated infections range from 25,000 (1) to more than 150,000 (5), mostly in China, South Korea, and Japan (2). Targets were hardcoded in autonomous bots. The program disabled Windows Firewall and presented itself as drivers in the registry. The primary method was HTTP GET requests with no-caching instructions, though UDP and ICMP floods were also detected.
Attack on governmental and financial websites in South Korea and the USA, allegedly carried out by a cyber warfare unit of the North Korean army (1,2,3). Although it does not involve independent media or human rights-based sites, it seems relevant since the perpetrator may have been a government, although later reports seemed to shift blame away from North Korea (5,6).
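
An added example, not part of the original entry: a log scan a defender could use to spot the HTTP GET requests with no-caching instructions described under TYPE OF ATTACK, both from a single noisy source and from many bots that each send only a few requests. The log line format, the thresholds and the header values treated as no-caching instructions are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque

# Assumed header values counted as "no-caching instructions".
NO_CACHE = {"no-cache", "no-store", "max-age=0"}

# Constructed lines: "<epoch> <client ip> <method> <path> <cache directives or ->"
SAMPLE = [
    "100 203.0.113.5 GET /index.html -",
    "100 198.51.100.9 GET / no-cache",
    "101 198.51.100.9 GET / no-cache",
    "102 198.51.100.9 GET / no-cache",
    "103 198.51.100.9 GET / no-cache",
    "104 198.51.100.9 GET / no-cache",
    "120 192.0.2.1 GET /login no-store, no-cache",
    "121 192.0.2.2 GET /login no-cache",
    "122 192.0.2.3 GET /login max-age=0",
    "123 192.0.2.4 GET /login no-cache",
    "200 203.0.113.5 GET /login no-cache",
]

def bypasses_cache(directives):
    return bool({d.strip() for d in directives.lower().split(",")} & NO_CACHE)

def detect(lines, window=10, per_ip=5, distinct_ips=4):
    """Scan time-ordered lines; return (noisy_ips, flooded_paths).

    noisy_ips: sources with >= per_ip cache-bypassing GETs inside `window` seconds.
    flooded_paths: paths receiving such GETs from >= distinct_ips sources inside
    `window` seconds, i.e. many bots that each stay under the per-source limit.
    """
    by_ip, by_path = defaultdict(deque), defaultdict(deque)
    noisy, flooded = set(), set()
    for line in lines:
        ts, ip, method, path, directives = line.split(maxsplit=4)
        ts = int(ts)
        if method != "GET" or not bypasses_cache(directives):
            continue
        q, p = by_ip[ip], by_path[path]
        q.append(ts)
        p.append((ts, ip))
        while q[0] <= ts - window:      # drop events older than the window
            q.popleft()
        while p[0][0] <= ts - window:
            p.popleft()
        if len(q) >= per_ip:
            noisy.add(ip)
        if len({src for _, src in p}) >= distinct_ips:
            flooded.add(path)
    return noisy, flooded
```

The per-path check matters for a botnet of this kind: requests that bypass the cache all reach the origin server, so a path can be saturated while every individual source stays below a per-IP rate limit.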