A gang called the ‘Dark Seoul Gang’ is said to be behind the cyber attacks on South Korea four years ago, which coincided with the 63rd anniversary of Korean War, according to research conducted by US security software maker Symantec.
North Korea was accused of carrying out the earlier cyber attacks and targeting banks and government networks in South Korea.
Also a distributed denial-of-service (DDoS) attack against South Korean government websites, reported on June 25, can be directly linked to the DarkSeoul gang and Trojan.Castov, said Symantec in its blog post.
"We can now attribute multiple previous high-profile attacks to the DarkSeoul gang over the last 4 years against South Korea, in addition to yesterday’s attack," added the blog post.
"While nation-state attribution is difficult, South Korean media reports have pointed to an investigation which concluded the attackers were working on behalf of North Korea.
"Symantec expects the DarkSeoul attacks to continue and, regardless of whether the gang is working on behalf of North Korea or not, the attacks are both politically motivated and have the necessary financial support to continue acts of cybersabotage on organisations in South Korea."
Symantec Security Response technical director Eric Chien said the evidence did not uncover the identity of the gang members.
Chien was quoted by Reuters as saying that Symantec researchers found chunks of code that were identical to code in malicious programmes used in four previous attacks, including the one which took place on July 4, 2009.
The July 4, 2009 attack reportedly wiped data on PCs and also launched DDOS attacks that disrupted websites in both South Korea and the US.
"The attacks conducted by the DarkSeoul gang have required intelligence and coordination, and in some cases have demonstrated technical sophistication," added Symantec.