It appears that the front ends of the bank system were attacked (as opposed to the backend servers in the data centers). The frameworks and OSs that are used by three of the top four banks in South Korea are very common, and are used world wide, but it appears that only South Korea has had issues.
The patch to cover the vulnerability and the fix looks like it will have to be manually patched on each machine due to the type of vulnerability. This really sucks, as the banks need to run around people to all of the machines.
Unfortunately, banks have bought into what people/consultants/corporations have told them were secure systems, and money has trumped security. So this is not the only vulnerability out there. This news just proves that multiple security precautions have failed, and I hope certain people get banned from working in the security industry after making all these mistakes.