All the latest UK technology news, reviews and analysis

South Korea and US government hacks blamed on DarkSeoul group

27 Jun 2013
south korea

The DarkSeoul hacker group is responsible for at least one of the recent attacks on the South Korean government, according to security firm Symantec.

Symantec researchers said initial analysis of the attacks and malwares used proved the DarkSeoul hackers were involved in the recent attacks on South Korea. "While multiple attacks were conducted by multiple perpetrators, one of the distributed denial-of-service (DDoS) attacks observed yesterday against South Korean government websites can be directly linked to the DarkSeoul gang and Trojan.Castov," Symantec's said.

The firm said the research also linked the team to several attacks on both South Korea and the US government. "We can now attribute multiple previous high-profile attacks to the DarkSeoul gang over the last four years against South Korea, in addition to yesterday's attack," it noted. "They previously conducted DDoS and wiping attacks on the US Independence Day as well."

The group's involvement in attacks on the US is expected to have political consequences, with many security researchers believing DarkSeoul is working for the North Korean government. If true, this is troubling as in the past the US government has indicated it would react to cyber attacks on its networks the same way it would real world acts of war. At the time of publishing, the US Department of Defense and White House had not responded to V3's request for comment on Symantec's research.

Symantec confirmed while there is some evidence to suggest the DarkSeoul group is state sponsored, it is still too early to definitively know if the group is operating at the behest of the North Korean government.

"The attacks conducted by the DarkSeoul gang have required intelligence and coordination, and in some cases have demonstrated technical sophistication. While nation-state attribution is difficult, South Korean media reports have pointed to an investigation which concluded the attackers were working on behalf of North Korea," wrote Symantec.

Symantec researchers said even if DarkSeoul is not working for North Korea, the group is in possession of several sophisticated attack tools and resources. The security firm warned businesses to expect and prepare for further attacks from the group.

"Symantec expects the DarkSeoul attacks to continue and, regardless of whether the gang is working on behalf of North Korea or not, the attacks are both politically motivated and have the necessary financial support to continue acts of cyber sabotage on organisations in South Korea," the firm said.

"Cyber sabotage attacks on a national scale have been rare - Stuxnet and Shamoon (W32.Disttrack) are the other two main examples. However, the DarkSeoul gang is almost unique in its ability to carry out such high-profile and damaging attacks over several years."

Hacks in Korea have started since the anniversary of the war between the two nations, with details on 40,000 troops leaked earlier this week.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?

Popular Threads

Powered by Disqus
Galaxy S5 vs Xperia Z2 home screen

Xperia Z2 vs Galaxy S5

We break down the strengths and weaknesses of the two Android heavyweights

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery


iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

Software Development Engineer

Develop: Customise: Configure. Maximise your technical...

Junior Developer Hedge Fund C# WPF .Net - London

Junior Developer C# .Net - Mayfair Hedge Fund Junior...

IT Database Administrator (SQL)

Say hello to big brands & bigger career opportunities...

Magento Developer

Tile Mountain is a one stop online shop for all your...
To send to more than one email address, simply separate each address with a comma.