‘DarkSeoul’ Behind S. Korea Attacks

Friday, June 28, 2013 @ 05:06 PM gHale

A cybercriminal gang dubbed DarkSeoul could be responsible for numerous sophisticated cyberattacks against South Korea over the past four years, including two attacks that took place this year.

The DarkSeoul gang is responsible for the March attacks on broadcasters and financial institutions, and this week’s attacks on government websites, said researchers at Symantec. In addition to attacks on South Korea, researchers believe the group is responsible for operations against the United States.

U.S. Disinformation Plan for China
Utility Blackouts as a Weapon
Synching Up a Reliable Power Grid
Grid Vulnerable to Attack

Experts have been able to attribute several attacks to the gang because they tend to use the same methods of operation.

For instance, the cyberattacks against high-profile targets from South Korea have always been multi-staged. In addition, the destructive malware payloads – such as the distributed denial of services (DDoS) attacks and MBR wiping – are set to trigger on historically significant dates.

In the attacks launched by DarkSeoul, the disk sectors overwritten by malware ended up replaced with politically-themed strings.

Specific encryption and obfuscation methods, the use of certain third-party webmailer servers to store files, the use of similar C&C structures, and the abuse of legitimate patching mechanisms allowed researchers to link the group to the attacks.

Symantec said the attacks conducted by the gang required intelligence, coordination, and technical sophistication so it’s clear that they’re well-funded. But who is funding remains unclear.

“Symantec expects the DarkSeoul attacks to continue and, regardless of whether the gang is working on behalf of North Korea or not, the attacks are both politically motivated and have the necessary financial support to continue acts of cybersabotage on organizations in South Korea,” researchers said.

Leave a Reply

You must be logged in to post a comment.