DarkSeoul Gang Blamed For Cyber Attacks On South Korea

Group that hit banks and government bodies could be linked to North Korea

A gang known as DarkSeoul has been blamed for a slew of cyber attacks on South Korean targets, including recent high-profile strikes on South Korean banks and television broadcasters.

Officials in South Korea have linked those attacks to the North Korean regime, something the North has denied. Attacks had previously been linked to a collective known as the Whois Team.

The gang has been battering South Korean companies for four years, having also targeted US organisations with distributed denial of service (DDoS) and wiper attacks on Independence Day, according to security firm Symantec.

Attacks on South Korea

The DarkSeoul collective, which has been using the Castov Trojan to steal data, has also been linked to at least one of the DDoS attacks on websites of the South Korean presidential office and local newspapers this week, which coincided with the 63rd anniversary of the start of the Korean War. North Korean sites were also targeted.

It was claimed that data on 40,000 US troops and over two million South Korean ruling party workers was posted online earlier this week, and this is thought to be linked to the recent attacks.

In late May, the group hit financial companies in South Korea too, attempting to pilfer information with Castov.

“The attacks conducted by the DarkSeoul gang have required intelligence and coordination, and in some cases have demonstrated technical sophistication,” Symantec said in a blog post.

“Regardless of whether the gang is working on behalf of North Korea or not, the attacks are both politically motivated and have the necessary financial support to continue acts of cybersabotage on organisations in South Korea.

“The DarkSeoul gang is almost unique in its ability to carry out such high-profile and damaging attacks over several years.”
