Symantec Corporation recently wrote that it has tracked down the source of many South Korean hacking incidents. The evidence it uncovered revealed that a hacker group called the “DarkSeoul” gang was behind the massive cyber-attacks going back at least four years.
Earlier this week a string of cyber-attacks took down or temporarily disrupted numerous websites in South Korea. Now Symantec believes it has the answer as to who did it, and believes this was the evidence it needed to solve the mystery behind four years of major hacking incidents.
The connection was made to a hacktivist group known as the “DarkSeoul” gang which Symantec says might have as many as 50 members, yet none have been identified.
Symantec says that this network of hackers has been using very similar code in its programs, which helped the company determine who was behind the attacks, which began on July 4th, 2009. That first attack wiped out the data on PCs and initiated a DDoS that affected the U.S. as well as South Korea.
Since that first attack, four major incidents have taken place, some of which were blamed on North Korea, but that may be only partly correct. According to Symantec, the sophistication behind the attacks is extraordinary and does appear to be politically motivated; however, it was South Korea’s investigations that concluded that DarkSeoul was working for the North.
Symantec writes in part,
The attacks conducted by the DarkSeoul gang have required intelligence and coordination, and in some cases have demonstrated technical sophistication. While nation-state attribution is difficult, South Korean media reports have pointed to an investigation, which concluded the attackers were working on behalf of North Korea.
Symantec went on to say that it expects the attacks to continue regardless of whether the gang is working for the North or not. However, the company stressed that whoever they are and whomever they are working for, they seem to have the money and the power to work together.
The attack that took place this past March was noted as one of the largest and most destructive cyber-attacks on a private computer network to date. The hackers successfully took thousands of PCs offline, and with most of those PCs losing a good percentage of their data, that added up to massive losses in revenue.