The "Dark Seoul" Hackers Were After South Korean Military Secrets | Motherboard

The "Dark Seoul" hackers were after South Korean military secrets

Shares

BY MEGHAN NEAL

New light has been shed on the major cyberattack that wiped out tens of thousands of computers in South Korea in March. According to a new report from security firm McAfee Labs, the hackers weren’t simply out to cause mischief, wreaking havoc on ATMs and telecommunications throughout the country. They were trying to steal military secrets.

Researchers say this information adds weight to South Korea's claim that North Korea was behind the "Dark Seoul” attack in March.

There’s logic to this claim. North Korea has accused its neighbors to the south as being a merely a puppet nation in cahoots with the U.S., and the report found that the cyberattackers were searching for signs of military plans showing South Korea and the US teaming up.

The hackers used malware codes injected like a Trojan horse, in a program dating back to 2009, now nicknamed the "Operation Troy,” to search out terms (in Korean) like "US Army," "secret," "weapon," "Joint Chiefs of Staff," and other "sensitive" terms that the report didn't publish at the behest of the US government.

"This goes deeper than anyone had understood to date, and it's not just attacks: It's military espionage," Ryan Sherstobitoff, a senior threat researcher at McAfee, told the Associated Press.

The Dark Seoul attack wasn't the first time South Korea has pointed fingers north. (And won't be the last.) Others aren't so sure. Some blame China. Others, like security software maker Symantec, blame the mysterious “Dark Seoul Gang,” which Symantec reports is a well-organized group of 10 to 50 hackers—though of course that tells us nothing about who they are, where they are, or what their motivations are. Is it North Korea? Is it Anonymous? Are they the same?

 

Read the full story on Motherboard