The cyberattacks against South Korean banks and news agencies which took place in March were part of a long-term, domestic covert operation called "Operation Troy", which was aimed at stealing sensitive military and government data, McAfee said.
Thewhich reportedly affected 30,000 computers has since been dubbed "Dark Seoul".
-Makes significant use of Roman terms in its codes
-Sometimes, the developers insert such fingerprints on purpose to establish "ownership" of a new threat.
-Such clues can be used to determine the original source and development legacy of a new "product".
While it remains unclear if the attacks were state-sponsored, the security vendor said in a report released Monday, the operation which had been going on since 2009, were conducted by two separate hacker groups--New Romanic Cyber Army Team and the Whois Hacking Team.
The attackers gang had infected PCs with a malware, the 3Rat Trojan, which automatically sought out documents of interest by scanning computers for military keywords in English and Korean, the report noted. Once the malware identified documents of interest, it encrypted those files and delivered them to the hackers' servers.
"This capability could be devastating if military networks were to suddenly be wiped after an adversary had gathered intelligence. This was clearly the case with the Dark Seoul incident, in which we confirmed that the 3Rat Trojan gained access prior to the master boot record (MBR) wiping event," the report said.
In March this year, a, resulted in server outages at three domestic broadcasters YTN, MBC, and KBS, as well as the Shinhan Bank and NongHyup Bank. The attacks were initially traced to an IP address in China but the Korea Communications Commission later corrected its assessment saying the malware came from a local origin.
McAfee's First Quarter 2013 threat report released in June also foundsuch as spam, phishing e-mail and Web sites, botnets and servers hosting malicious content.