4-year Spying Campaign Led to Cyber Attack on South Korea
Recent report released by security company McAfee revealed that South Korea was bombarded with cyber attacks during the last four years, the most recent of which occurred in March and were against two banks and three broadcasters. The government now calls these constant attacks as “Operation Troy”, although they were first known by the name of “Dark Seoul”. So it seems that the attacks conducted earlier this year was just a small fraction of the whole Operation Troy.
The South Korean government now believes that the country behind these events might North Korea or China, although due to the lack of evidence they are not completely sure. The report concerning the incidents in March claimed that the attacks resulted in huge data losses as data from tens of thousands of computers was deleted. During these events damage was caused due to performed massive MBR wiping, but cyber attacks were not just an act of cyber vandalism. McAfee reported that these events were a part of a major espionage campaign, which goal was to steal classified information from S. Korea government and military.
McAfee also claimed that they have gathered a fair amount of information concerning the attackers and the methods they were using. It is now believed that the hacking during Operation Troy was conducted by two groups called “NewRomanic Cyber Army Team” and “Whois Team”, it is also possible that these teams worked for the same client which as mentioned above could be N. Korea or China. The instruments used by the attackers were two Trojans and a wiper, which sources were various online forums and bulletin boards. This particular malware was able to collect data, and after its work was complete it erased the hard drives.
The McAfee concluded their report with a statement which claimed that the main goal of these attacks was to disrupt South Korea’s military and government plans, by conducting a long term espionage campaign which collected data about S. Korean military targets.