View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Symantec links South Korean cyber attacks to DarkSeoul gang

North Korea was accused of carrying out the earlier cyber attacks, targeting banks and government networks in South Korea.

By CBR Staff Writer

A gang called the ‘Dark Seoul Gang’ is said to be behind the cyber attacks on South Korea four years ago, which coincided with the 63rd anniversary of Korean War, according to research conducted by US security software maker Symantec.

North Korea was accused of carrying out the earlier cyber attacks and targeting banks and government networks in South Korea.

Also a distributed denial-of-service (DDoS) attack against South Korean government websites, reported on June 25, can be directly linked to the DarkSeoul gang and Trojan.Castov, said Symantec in its blog post.

"We can now attribute multiple previous high-profile attacks to the DarkSeoul gang over the last 4 years against South Korea, in addition to yesterday’s attack," added the blog post.

"While nation-state attribution is difficult, South Korean media reports have pointed to an investigation which concluded the attackers were working on behalf of North Korea.

"Symantec expects the DarkSeoul attacks to continue and, regardless of whether the gang is working on behalf of North Korea or not, the attacks are both politically motivated and have the necessary financial support to continue acts of cybersabotage on organisations in South Korea."

Symantec Security Response technical director Eric Chien said the evidence did not uncover the identity of the gang members.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Chien was quoted by Reuters as saying that Symantec researchers found chunks of code that were identical to code in malicious programmes used in four previous attacks, including the one which took place on July 4, 2009.

The July 4, 2009 attack reportedly wiped data on PCs and also launched DDOS attacks that disrupted websites in both South Korea and the US.

"The attacks conducted by the DarkSeoul gang have required intelligence and coordination, and in some cases have demonstrated technical sophistication," added Symantec.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.