Espionage the goal of cyber attacks on South Korea, say researchers

The cyber attack that took South Korean broadcasters and banks offline in March was part of a covert espionage campaign, says McAfee

The cyber attack that took South Korean broadcasters and banks offline in March was the conclusion of a covert espionage campaign, according to a report by researchers at security firm McAfee.

The attack, first known as Dark Seoul and now as Operation Troy, caused a significant amount of damage to the affected organisations by wiping the hard drives of tens of thousands of computers.

However, the researchers said the attack was part of an elaborate campaign dating back to 2009 that was aimed at stealing South Korea’s military and government secrets.

McAfee said the malware used to wipe the disks was distinct from that used to hunt for military secrets, but there were many similarities, indicating that they were created by the same team.

The espionage part of the operation used malware designed to scan infected systems and categorise those systems that contain interesting documents.

The directory contents were then uploaded to the attacker’s server, which let the attackers grab documents at will and keep network traffic low, the report said.

The report stopped short of saying that the attacks originated in North Korea, but said the campaign was "attempting to spy on and disrupt South Korea's military and government activities".

“From our analysis we have established that Operation Troy had a focus from the beginning to gather intelligence on South Korean military targets,” the report said.

“We have also linked other high-profile public campaigns conducted over the years against South Korea to Operation Troy, suggesting that a single group is responsible,” the report added.

Despite the findings of the report, South Korea has said that it was impossible to have lost classified data as computers used for such data are not connected to the internet, according to the BBC.

A spokesman for the US Department of Defense said it planned to review the McAfee report.

Image: Thinkstock



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Privacy and data protection



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: