- The Washington Times - Monday, July 8, 2013

Highly trained, well-funded and very persistent computer hackers have been seeking to steal secrets from U.S. and South Korean military networks for at least four years, according to new data released by security researchers.

The hackers have all the characteristics of state-sponsored cyberattackers, said Ryan Sherstobitoff of the computer security firm McAfee Inc.

“The people behind this are highly trained, well-funded and very persistent,” Mr. Sherstobitoff said. “They’ve been targeting the networks for years.”

The hackers, who identified themselves as the “New Romantic Cyber Army,” used crude attacks and aped the tactics and jargon of so-called “hacktivist” groups, such as the anarchistic coalition Anonymous.

But behind the scenes, they were exploiting highly specialized and targeted cyberespionage tools to burrow into classified networks of the U.S. and South Korean military.

“The primary mission was to steal secret military data,” Mr. Sherstobitoff said. “That’s been in the shadows until now.”

The Pentagon had no comment Monday.

The “very advanced, very sophisticated” cybertools had elements in common with malicious software that was used in previous attacks to destroy civilian computers in South Korea by erasing the programs that start them up, Mr. Sherstobitoff said.

The “wiper” malware successfully attacked South Korean banks and television broadcasters on March 20. The “Dark Seoul” attacks that day destroyed 32,000 computers and knocked offline ATMs and Internet portals of three banks.

On June 25, the attackers struck again. Park Jae-moon, director of the South Korean Science Ministry’s Information Technology Strategy Bureau, told reporters that the websites of 11 media outlets, four government agencies and the conservative New Frontier political party had been shut down by the malware attack.

The following day, the Pentagon confirmed that personal data of thousands of members of the U.S. military who have served in South Korea had been posted on the Internet by hackers.

On Monday, Mr. Sherstobitoff said that McAfee researchers had evidence from the code used in each of these attacks, which strongly suggests a single group of hackers is behind them and other attacks dating back to 2009.

“We believe these [attacks] are all linked to a single actor,” he said, adding that researchers could not say with certainty who the attackers are or where they are based.

South Korean officials have blamed previous attacks on North Korean hackers, and some have accused China of harboring or helping Pyongyang’s cyberwarriors and online spies.

Analysts say that the revelations about these attacks ought to prompt U.S. officials to reassess North Korea’s cybercapabilities.

Story Continues →