Research conducted by U.S. security software maker Symantec Corp has uncovered a hacking campaign against South Korea dating back four years.
While reviewing malicious software code, Symantec researchers joined the dots and concluded that a number of cyberattacks conducted on the country originate from a single group called the "Dark Seoul Gang." According to Reuters, chunks of code identified are identical to evidence found in "significant" attacks over the time period, first discovered in 2009.
Eric Chien, technical director with Symantec Security Response, says that the evidence does not point to the identity of the group members, but he estimates there are between 10 and 50 members, based on the sophistication of the code and the complexity of the attacks.
In addition, the Dark Seoul Gang are "extremely well-coordinated" when conducting hacking campaigns.
According to the security firm, the hacking group is responsible for attacks including the Jokra attacks in March 2013 that wiped numerous computer hard drives at South Korean banks and broadcasting facilities, as well as the attacks on the country's financial companies in May 2013.
The Dark Seoul Gang's activities often include multi-stage, coordinated attacks against South Korean targets, including overwriting disks with political strings and the use of destructive payloads, DDoS attacks and command-and-control structures.
On Tuesday, the day that marked the beginning of the Korean War 63 years ago, South Korea suffered another round of cyberattacks which took down governmental and private sites including the presidential Blue House site. In addition, hackers say they were able to steal and publicly share the details of over 2 million South Korean ruling-party members and 40,000 U.S. troops, some of whom are currently stationed in the country.
North Korea has previously been blamed for launching cyberattacks against its southern counterpart, but has denied such allegations. In response, the country has said it has also been a victim of cyber warfare. Symantec says:
"Symantec expects the DarkSeoul attacks to continue and, regardless of whether the gang is working on behalf of North Korea or not, the attacks are both politically motivated and have the necessary financial support to continue acts of cybersabotage on organizations in South Korea."