Cyberattacks on South Korean banks, TV networks part of spying campaign, McAfee says

South Korea Pyongyang Maxim Tupikov Shutterstock

A cyberattack that took three TV broadcasters and two banks in South Korea offline in March is part of an elaborate campaign by hackers who've also been working to steal the country's military and governmental secrets, according to a new McAfee report. The security software company is calling the string of attacks Operation Troy, and says they've been taking place since 2009. The March attacks erased data from tens of thousands of computers in a coordinated strike — the majority of the attack took place on March 20th at 2 pm, the report said. In April, the South Korean government blamed the attack on North Korea.

During the March attacks, some Korean TVs reportedly displayed three skulls and a message that said a group called the "Whois Team" was responsible for the disruptions. In other attacks, messages were sent identifying the hackers as the "NewRomanic Cyber Army Team." McAfee said that it believed the two groups were hacking and spying in tandem as a part of a larger organization. The malware used in attacks from both groups made mention of the ancient city of Troy and other classic Roman terms, which is why the software company dubbed the efforts Operation Troy. McAfee's report stops short of saying that the attacks originated in North Korea, but does argue that the campaign was "attempting to spy on and disrupt South Korea's military and government."

According to McAfee's analysis, the malware used in Operation Troy's strikes installed itself on Korean computers by way of malicious files transferred across bulletin boards and IRC chat. Once the malware was installed, it monitored the computer for data to be stolen before wiping the hard drives. "The incident was more than cybervandalism," McAfee said of the March hacks. "The attacks on South Korean targets were actually the conclusion of a covert espionage campaign."