A hacking group called “DarkSeoul” was behind some of this week’s attacks on South Korean websites, according to researchers at computer security company Symantec.
The company says the group was responsible for denial of service attacks on South Korean government websites and can be directly linked to similar actions in the past.
“We can now attribute multiple previous high-profile attacks to the DarkSeoul gang over the last 4 years against South Korea, in addition to yesterday’s attack,” Symantec said on its Security Response blog. “These attacks include the devastating Jokra attacks in March 2013 that wiped numerous computer hard drives at South Korean banks and television broadcasters, as well as the attacks on South Korean financial companies in May 2013.”
The same hacking group was behind the attacks that targeted U.S. and South Korean websites on the July 4 weekend in 2009, according to Symantec.
The attacks by DarkSeoul have been technically sophisticated on some occasions. But Symantec said it is not possible to determine whether the acts are the work of a nation state (South Korean media has fingered North Korean state hackers in many of these cases) or simply of a highly skilled group of agitators.
Nevertheless, the attacks are likely to continue, the company said.
“Symantec expects the DarkSeoul attacks to continue and, regardless of whether the gang is working on behalf of North Korea or not, the attacks are both politically motivated and have the necessary financial support to continue acts of cybersabotage on organizations in South Korea. Cybersabotage attacks on a national scale have been rare — Stuxnet and Shamoon (W32.Disttrack) are the other two main examples. However, the DarkSeoul gang is almost unique in its ability to carry out such high-profile and damaging attacks over several years.”