Hacking attacks on South Korea dating back over four years are all down to a group called the DarkSeoul gang, internet security experts have suggested.
By Sky News Online
The latest attacks – on both North and South Korean websites – took place earlier this week on the 63rd anniversary of the Korean War.
US internet security company Symantec studied the malicious software code used and linked it with previous hacking.
It believes the group was also behind the March 2013 attack which hit tens of thousands of PCs and wiped data at several major broadcasters and banks in South Korea.
The finger of suspicion had previously fallen on North Korea but the communist state has denied being responsible.
In its blog, Symantec said it was hard to identify whether the DarkSeoul gang is working on behalf of any country, but noted that the attacks are always politcally-motivated and required financial backing to carry out.
“We can now attribute multiple previous high-profile attacks to the DarkSeoul gang over the last 4 years against South Korea, in addition to yesterday’s attack,” said Symantec.
“These attacks include the devastating Jokra attacks in March 2013 that wiped numerous computer hard drives at South Korean banks and television broadcasters, as well as the attacks on South Korean financial companies in May 2013.”
The attacks reportedly share a number of similar technical characteristics.
According to the security firm, these include: “legitimate third-party patching mechanisms in order to spread across corporate networks” and “specific encryption and obfuscation methods”.
DarkSeoul has between 10 and 50 members based on the complexity of the attacks, said the company’s technical director Eric Chien.
However, the Korean War anniversary attacks on Tuesday have been blamed on multiple perpetrators.
The main websites of South Korea’s presidential office and some local newspapers were affected, as were some North Korea media sites.
Hackers’ collective Anonymous claimed it was responsible for the cyber assault on North Korea, although this has not been verified.