Date: 2013-07-08
By Jim Finkle
BOSTON, July 8
hackers has spent four years spying on the South Korea military,
U.S. security software maker McAfee said Monday, citing evidence
uncovered from malicious software samples.
The findings, which were not confirmed by authorities in
Seoul, provide one possible motive for ongoing attacks on South
Korea that date to 2009.
McAfee, a division of Intel Corp, did not identify
a sponsor for the attacks but said they were carried out by a
hacker group known as the New Romanic Cyber Army Team. Seoul
has blamed North Korea for some of the cyber attacks although
Pyongyang denies responsibility and says it too has been a
victim.
Officials at the South Korean Embassy in Washington were not
immediately available for comment. A Pentagon spokesman said he
was unaware of McAfee's findings and declined comment.
Experts with Symantec Corp, another security
software maker, last month definitively linked the four-year
string of attacks to a single group of hackers.
The attacks hit government and corporate computers.
McAfee released a 29-page technical paper on Monday that
analyzed the code of the software used by those hackers, whose
identity is still not known.
It said the hacking gang infected PCs with sophisticated
software that automatically sought out documents of interest by
scanning computers for military keywords in English and Korean.
Once the software identified documents of interest, it
encrypted those files then delivered them to the hackers'
servers, McAfee said.
The paper also described in detail how the attackers
siphoned data from infected computers using a sophisticated
infrastructure known as a "botnet."
McAfee named the attacks "Operation Troy," because the word
Troy frequently appeared in the code of the malicious software.
The New Romanic Cyber Army Team makes frequent use of Roman and
classical terms in their code.
On July 4, 2009, it launched its first significant attack,
unleashing malicious software that wiped data on PCs and also
disrupted some government and business websites in South Korea
and the United States.
In March, the gang knocked tens of thousands of PCs offline
at South Korean companies by destroying data on their hard
drives. It was one of the most destructive cyber attacks on
private computer networks to date.
McAfee published its report on the gang on its website: