The security firm has also found the covert development of military-espionage malware during a four-year period carried out by the same actors responsible for Dark Seoul and the recent attacks of 25 June.
McAfee researchers Ryan Sherstobitoff, Itai Liba, and James Walte said: "McAfee Labs can connect the Dark Seoul and other government attacks to a secret, long-term campaign that reveals the true intention of the Dark Seoul adversaries: attempting to spy on and disrupt South Korea’s military and government activities."
The researchers said since 2009 the attackers have attempted since to install the capability to destroy their targets using an master boot record (MBR) wiper component, as seen in the Dark Seoul incident.
"From our analysis we have established that Operation Troy had a focus from the beginning to gather intelligence on South Korean military targets. We have also linked other high-profile public campaigns conducted over the years against South Korea to Operation Troy, suggesting that a single group is responsible," the researchers said.