Computer hackers have spent four years spying on the South Korean military, McAfee said Monday, citing evidence uncovered from malicious software samples.
McAfee said that the group behind 'Dark Seoul' was involved in DDoS attacks dating from 2009 and in the wiping of the master boot record of many machines on March 20. The missing element was military espionage. After a four-month investigation, researchers at McAfee Labs revealed that one of the group's primary goals was a covert military spying operation targeting military forces in South Korea. Alongside this goal, the researchers found the covert development of military-espionage malware over a four-year period, carried out by the same actors responsible for Dark Seoul and the recent attacks of June 25. That development had remained hidden until now.
McAfee released a paper on Monday that analyzed the code of the software used by those hackers.
It said PCs had been attacked using sophisticated software that automatically sought out documents of interest by scanning computers for military keywords in English and Korean. Once the software identified documents of interest, it encrypted those files then delivered them to the hackers' servers.
The paper also described in detail how the attackers siphoned data from infected computers using a botnet.
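The two behaviours described above, a process reading many user documents in a short window and then shipping them off to a remote server, leave a recognisable trace in endpoint telemetry. The following detector is an added example written for this article, not code from McAfee's paper or from the malware it analyzes; the log format, process IDs, file paths and addresses are all constructed for the example, and the thresholds are illustrative defaults rather than values from the report.

```python
"""
Heuristic detector for the document-harvesting pattern: one process reads
several user documents within a short window and then opens an outbound
network connection. Log format is constructed for this example:
    <ISO time> <pid> <FILE_READ|NET_CONNECT> <path or remote address>
"""
import os
from collections import defaultdict
from datetime import datetime, timedelta

# File types a harvester would be interested in (assumption for this example).
DOC_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".txt"}

# Constructed sample telemetry. pid 1204 shows the harvesting pattern,
# pid 3310 is an ordinary document editor, pid 2120 touches only images.
SAMPLE_LOG = r"""
2013-07-08T09:00:01 1204 FILE_READ C:\Users\kim\Documents\budget.xlsx
2013-07-08T09:00:02 1204 FILE_READ C:\Users\kim\Documents\plan.docx
2013-07-08T09:00:03 1204 FILE_READ C:\Users\kim\Documents\report.pdf
2013-07-08T09:00:04 1204 FILE_READ C:\Users\kim\Documents\roster.xlsx
2013-07-08T09:00:05 1204 FILE_READ C:\Users\kim\Documents\notes.txt
2013-07-08T09:00:06 1204 FILE_READ C:\Users\kim\Documents\brief.pptx
2013-07-08T09:00:09 1204 NET_CONNECT 203.0.113.10:443
2013-07-08T09:01:00 3310 FILE_READ C:\Users\kim\Documents\letter.docx
2013-07-08T09:01:05 3310 NET_CONNECT 198.51.100.7:443
2013-07-08T09:02:00 2120 FILE_READ C:\Users\kim\Pictures\a.jpg
2013-07-08T09:02:01 2120 FILE_READ C:\Users\kim\Pictures\b.jpg
2013-07-08T09:02:02 2120 FILE_READ C:\Users\kim\Pictures\c.jpg
2013-07-08T09:02:03 2120 FILE_READ C:\Users\kim\Pictures\d.jpg
2013-07-08T09:02:04 2120 FILE_READ C:\Users\kim\Pictures\e.jpg
2013-07-08T09:02:10 2120 NET_CONNECT 203.0.113.25:80
"""


def parse_events(log_text):
    """Parse log lines into (time, pid, kind, detail) tuples, oldest first."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, pid, kind, detail = line.split(" ", 3)
        events.append((datetime.fromisoformat(ts), int(pid), kind, detail))
    events.sort(key=lambda e: e[0])
    return events


def detect_harvesting(log_text, threshold=5, window=timedelta(minutes=10)):
    """
    Return one alert per process that read at least `threshold` distinct
    document files within `window` before opening an outbound connection.
    """
    reads = defaultdict(list)  # pid -> [(time, path)] of document reads
    alerts = []
    for ts, pid, kind, detail in parse_events(log_text):
        if kind == "FILE_READ":
            ext = os.path.splitext(detail)[1].lower()
            if ext in DOC_EXTENSIONS:
                reads[pid].append((ts, detail))
        elif kind == "NET_CONNECT":
            # Only document reads inside the look-back window count.
            recent = {path for t, path in reads[pid] if ts - t <= window}
            if len(recent) >= threshold:
                alerts.append({"pid": pid, "docs_read": len(recent), "remote": detail})
                reads[pid].clear()  # avoid re-alerting on the same burst
    return alerts


if __name__ == "__main__":
    for alert in detect_harvesting(SAMPLE_LOG):
        print(f"pid {alert['pid']} read {alert['docs_read']} documents "
              f"then connected to {alert['remote']}")
```

The detector keys on sequence rather than on the malware's keyword list, which the report does not reproduce here and which an attacker can change trivially; the read-many-then-connect shape is harder to avoid. In practice the threshold and window need tuning per host role, and legitimate indexers or backup agents should be allow-listed by image path rather than by process ID.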
Many of the Trojans described in the paper were based on malware developed in 2009. The 'Dark Seoul' adversaries show a consistent pattern of psychological warfare, including throwing off investigators by blaming the attacks on hacktivists.