SKorea cyber attack part of long campaign: US study

Jul 09, 2013 by Rob Lever
Members of the Korea Internet Security Agency (KISA) check on cyber attacks at a briefing room of KISA in Seoul on March 20, 2013.

The massive cyber attacks on South Korean banks and broadcasters earlier this year were part of a broad campaign of cyber espionage which dates back at least to 2009, a US security firm has concluded.

The study by the firm McAfee stopped short of blaming specific entities for the March 20 onslaught but said it found a pattern of sophisticated attacks, including efforts to wipe away traces that could lead to detection.

"The level of sophistication would indicate it is above and beyond your average individual or run-of-the-mill hacktivism group," said James Walter, a McAfee researcher and co-author of the study.

An official South Korean investigation in April determined North Korea's military was responsible for the attacks which shut down the networks of TV broadcasters KBS, MBC and YTN, halted financial services and crippled operations at three banks—Shinhan, NongHyup and Jeju.

Walter told AFP that McAfee drew no official conclusion but added that "I have no reason to disagree" with the South Korean investigation conclusion.

But McAfee said the attacks represented only a small portion of the cyber campaign being carried out since 2009.

"One of the primary activities going on here is theft of intellectual property, data exfiltration, essentially stealing of secrets," Walter said.

The report said the attacks, known first as Dark Seoul and now as Operation Troy, were "more than cybervandalism... South Korean targets were actually the conclusion of a covert campaign."

McAfee concluded that two groups claiming responsibility for the attack were not credible.

"The clues left behind confirm that the two groups claiming responsibility were a fabrication to throw investigators off the trail and to mask the true source," the report said.

Walter said that it is possible that with the campaign nearing detection, the hackers launched these attacks to distract the public and then sought to blame them on little-known entities, the NewRomanic Cyber Army Team, and the Whois Hacking Team.

He added that up to now, the cyber espionage effort "has been very successful in being under the radar" and that "what we see now was a more visible activity that is coupled with a distraction campaign."

McAfee concluded that the remote-access Trojan was compiled January 26, and a component to wipe the records of numerous systems was compiled January 31.

"The attackers who conducted the operation remained hidden for a number of years prior to the March 20 incident by using a variety of custom tools," the report said.

"Our investigation into Dark Seoul has found a long-term domestic spying operation underway since at least 2009... We call this Operation Troy, based on the frequent use of the word Troy in the compile path strings in the malware."

McAfee carried out the study as part of its research into cybersecurity issues, Walter said.

The attack came days after North Korea had accused South Korea and the United States of being behind a "persistent and intensive" hacking assault that temporarily took a number of its official websites offline.

It also coincided with heightened military tensions on the Korean peninsula, following Pyongyang's nuclear test in February.
