SKorea cyber attack part of long campaign: US study

Jul 09, 2013 by Rob Lever
Members of the Korea Internet Security Agency (KISA) check on cyber attacks at a briefing room of KISA in Seoul on March 20, 2013. The massive cyber attacks on South Korean banks and broadcasters earlier this year were part of a broad campaign of cyber espionage which dates back at least to 2009, a US security firm has concluded.

The massive cyber attacks on South Korean banks and broadcasters earlier this year were part of a broad campaign of cyber espionage which dates back at least to 2009, a US security firm has concluded.

The study by the firm McAfee stopped short of blaming specific entities for the March 20 onslaught but said it found a pattern of sophisticated , including efforts to wipe away traces that could lead to detection.

"The level of sophistication would indicate it is above and beyond your average individual or run-of-the mill hacktivism group," said James Walter, a McAfee researcher and co-author of the study.

An official South Korean investigation in April determined North Korea's military was responsible for the attacks which shut down the networks of TV broadcasters KBS, MBC and YTN, halted financial services and crippled operations at three banks—Shinhan, NongHyup and Jeju.

Walter told AFP that McAfee drew no official conclusion but added that "I have no reason to disagree" with the South Korean investigation conclusion.

But McAfee said the attacks represented only a small portion of the cyber campaign being carried out since 2009.

"One of the primary activities going on here is theft of intellectual property, data exfiltration, essentially stealing of secrets," Walter said.

The report said the attacks, known first as Dark Seoul and now as Operation Troy were "more than cybervandalism... South Korean targets were actually the conclusion of a covert campaign."

McAfee concluded that two groups claiming responsibility for the attack were not credible.

"The clues left behind confirm that the two groups claiming responsibility were a fabrication to throw investigators off the trail and to mask the true source," the report said.

Walter said that it is possible that with the campaign nearing detection, the hackers launched these attacks to distract the public and then sought to blame them on little-known entities, the NewRomanic Cyber Army Team, and the Whois Hacking Team.

He added that up to now, the cyber espionage effort "has been very successful in being under the radar" and that "what we see now was a more visible activity that is coupled with a distraction campaign."

McAfee concluded that the remote-access Trojan was compiled January 26, and a component to wipe the records of numerous systems was compiled January 31.

"The attackers who conducted the operation remained hidden for a number of years prior to the March 20 incident by using a variety of custom tools," the report said.

"Our investigation into Dark Seoul has found a long-term domestic spying operation underway since at least 2009... We call this Operation Troy, based on the frequent use of the word Troy in the compile path strings in the malware."

McAfee carried out the study as part of its research into cybersecurity issues, Walter said.

The attack came days after North Korea had accused South Korea and the United States of being behind a "persistent and intensive" hacking assault that temporarily took a number of its official websites offline.

It also coincided with heightened military tensions on the Korean peninsula, following Pyongyang's nuclear test in February.

Explore further: South Korea beefs up cyber security

add to favorites email to friend print save as pdf

Related Stories

South Korea beefs up cyber security

Jul 04, 2013

South Korea on Thursday said it would double its cyber-security budget and train 5,000 experts amid growing concern over its vulnerability to attacks it blames on North Korea.

SKorea says several gov't, private websites hacked

Jun 25, 2013

South Korea said multiple government and private sector websites were hacked on Tuesday's anniversary of the start of the Korean War, and Seoul issued a cyberattack alert warning officials and citizens to take security measures.

Studies: Cyberspying targeted SKorea, US military

Jul 08, 2013

The hackers who knocked out tens of thousands of South Korean computers simultaneously this year are out to do far more than erase hard drives, cybersecurity firms say: They also are trying to steal South ...

SKorea says NKorea behind computer crash in March

Apr 10, 2013

(AP)—North Korea was responsible for a cyberattack that shut down tens of thousands of computers and servers at South Korean broadcasters and banks last month, officials in Seoul said Wednesday, noting ...

Recommended for you

LinkedIn membership hits 300 million

Apr 18, 2014

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Researchers uncover likely creator of Bitcoin

Apr 18, 2014

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

White House updating online privacy policy

Apr 18, 2014

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites. It also clarifies that ...

User comments : 0

More news stories

TCS, Mitsubishi to create new Japan IT services firm

India's biggest outsourcing firm Tata Consultancy Services (TCS) and Japan's Mitsubishi Corp said Monday they are teaming up to create a Japanese software services provider with annual revenues of $600 million.

Finnish inventor rethinks design of the axe

(Phys.org) —Finnish inventor Heikki Kärnä is the man behind the Vipukirves Leveraxe, which is a precision tool for splitting firewood. He designed the tool to make the job easier and more efficient, with ...

Atom probe assisted dating of oldest piece of earth

(Phys.org) —It's a scientific axiom: big claims require extra-solid evidence. So there were skeptics in 2001 when University of Wisconsin-Madison geoscience professor John Valley dated an ancient crystal ...