Cyber Attacks on South Korean Media Outlets Traced to Mysterious Group
The organization, dubbed “DarkSeoul,” is believed to be the perpetrator of eight hacking actions against local media firms and government sites over the past four years.
SEOUL -- After major South Korean media companies and banks were paralyzed by cyber attacks in March, the South Korean presidential office's website and other state-run sites were brought down this week. U.S. security firm Symantec believes these and six other hacking incidents in South Korea over the past four years were perpetrated by a single, and not yet unidentified, group.
The most recent cyber attacks occurred around 9:30 am on Tuesday and caused the home pages of presidential residence Cheong Wa Dae (The Blue House) and the Office of Government Policy Coordination to be shut down for repair. Tuesday was the 63rd anniversary of the outbreak of the Korean War, a momentous day on the Korean peninsula -- the war is referred to by locals as "6.25."
A message in a combination of English and Korean was plastered on the presidential home page: “Hooray Kim Jong-un, President of Unification! We Are Anonymous. We Are Legion. We Do Not Forgive. We Do Not Forget. Expect Us.” Analysts say it isn't clear whether the action actually originated from international hacktivist group Anonymous or is the work of another organization posing as the group.
Eleven major South Korean media organizations were also affected, although the gravity of attacks was not as severe as those in March, which shut down tens of thousands of computers and servers.
Symantec announced Wednesday that the pattern of the attacks and the hacking methods deployed suggest that they were all undertaken by the same group. Another firm, INKA Internet, said that the attack patterns from this week were very similar to those in March.
Symantec has taken to referring to this anonymous organization as “DarkSeoul.” While its links to North Korea -- a connection some in the South Korean media have strongly suggested -- are uncertain, U.S. analysts believe DarkSeoul operates with a political motive. Considering the complexity of the program coding and attack patterns, it is estimated to be a fairly large hacking team comprised of 10 to 50 members, with significant financial backing.
Meanwhile, several North Korean websites and networks were also brought down Tuesday after Anonymous -- or hackers posing as the group -- claimed responsibility for cyber attacks against the isolated totalitarian state. Internet pages run by North Korean newspapers Rodong Sinmun and The Choson Shinbo; Air Koryo; and video and photo site, Ryugyong Clip, were all out of service around 4 p.m., according to South Korea's Yonhap News.