Espionage the goal of cyber attacks on South Korea, say researchers

cyber security

Espionage the goal of cyber attacks on South Korea, say researchers

Warwick Ashford

The cyber attack that took South Korean broadcasters and banks offline in March was the conclusion of a covert espionage campaign, according to a report by researchers at security firm McAfee.

The attack, first known as Dark Seoul and now as Operation Troy, caused a significant amount of damage to the affected organisations by wiping the hard drives of tens of thousands of computers.

However, the researchers said the attack was part of an elaborate campaign dating back to 2009 that was aimed at stealing South Korea’s military and government secrets.

McAfee said the malware used to wipe the disks was distinct from that used to hunt for military secrets, but there were many similarities, indicating that they were created by the same team.

The espionage part of the operation used malware designed to scan infected systems and categorise those systems that contain interesting documents.

The directory contents were then uploaded to the attacker’s server, which let the attackers grab documents at will and keep network traffic low, the report said.

The report stopped short of saying that the attacks originated in North Korea, but said the campaign was "attempting to spy on and disrupt South Korea's military and government activities".

“From our analysis we have established that Operation Troy had a focus from the beginning to gather intelligence on South Korean military targets,” the report said.

“We have also linked other high-profile public campaigns conducted over the years against South Korea to Operation Troy, suggesting that a single group is responsible,” the report added.

Despite the findings of the report, South Korea has said that it was impossible to have lost classified data as computers used for such data are not connected to the internet, according to the BBC.

A spokesman for the US Department of Defense said it planned to review the McAfee report.


Image: Thinkstock


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy