The NewRomanic Cyber Army Team and the Whois Hacking Team are behind the operation

Jul 9, 2013 06:50 GMT

A few weeks ago, Symantec revealed that many of the major cyberattacks launched against South Korea over the past four years were the work of a group called Dark Seoul. On Monday, McAfee released a report which provides additional details on these campaigns.

The recent attack against financial institutions and broadcasters, and the even more recent attacks against government systems, are only a small part of the campaign.

The report, “Dissecting Operation Troy: Cyberespionage in South Korea,” reveals that the attacks – which McAfee experts call Operation Troy – involved much more than some defaced computer screens and data-wiping malware.

“The attacks on South Korean targets were actually the conclusion of a covert espionage campaign,” the report says.

It’s still uncertain who is behind the attacks, but McAfee’s investigation has found that two groups are involved: the NewRomanic Cyber Army Team and the Whois Hacking Team.

According to researchers, Operation Troy has a number of distinct sub-campaigns, one of which targeted military forces in South Korea in an attempt to extract classified information.

“McAfee Labs has uncovered a sophisticated military spying network targeting South Korea that has been in operation since 2009. Our analysis shows this network is connected to the Dark Seoul incident. Furthermore, we have also determined that a single group has been behind a series of threats targeting South Korea since October 2009,” the report reads.

In these attacks, the cybercriminals created a sophisticated encrypted network which they used to gather intel on military systems. All the data extracted from the targets was transmitted over the encrypted network.

“What makes this case particularly interesting is the use of automated reconnaissance tools to identify what specific military information internal systems contained before the attackers tried to grab any of the files,” experts explained.