McAfee: Hackers spent four years spying on South Korea
Posted on 9 Jul 2013 at 09:24
A mysterious group of computer hackers has spent four years spying on the South Korean military, according to McAfee, citing evidence uncovered from malicious software samples.
The findings were not confirmed by authorities in Seoul.
McAfee did not identify a sponsor for the attacks but said they were carried out by hackers known as the New Romanic Cyber Army Team. Seoul has blamed North Korea for some of the attacks although Pyongyang denies responsibility and says it too has been a victim.
Officials at the South Korean Embassy in Washington were not immediately available for comment. A Pentagon spokesman said he was unaware of McAfee's findings and declined to comment.
Experts with Symantec, another security software maker, last month definitively linked the four-year string of attacks to a single group of hackers. The attacks hit government and corporate computers.
McAfee released a paper analysing the code of the software used by those hackers.
It said the hacking gang infected PCs with sophisticated software that automatically sought out documents of interest by scanning computers for military keywords in English and Korean.
Once the software identified documents of interest, it encrypted those files then delivered them to the hackers' servers, McAfee said.
The paper also described in detail how the attackers siphoned data from infected computers using a botnet.
McAfee named the attacks "Operation Troy", because the word Troy frequently appeared in the code of the malicious software. The New Romanic Cyber Army Team makes frequent use of Roman and classical terms in its code.
On 4 July 2009, the group launched its first significant attack, unleashing malicious software that wiped data on PCs and also disrupted some government and business websites in South Korea and the US.
In March, the gang knocked tens of thousands of PCs offline at South Korean companies by destroying data on their hard drives. It was one of the most destructive attacks against private computer networks to date.