Highly trained, well-funded and very persistent computer hackers have been seeking to steal secrets from U.S. and South Korean military networks for at least four years, according to new data released by security researchers.
The hackers have all the characteristics of state-sponsored cyberattackers, said Ryan Sherstobitoff of the computer security firm McAfee Inc.
"The people behind this are highly trained, well-funded and very persistent," Mr. Sherstobitoff said. "They've been targeting the networks for years."
The hackers, who identified themselves as the "New Romantic Cyber Army," used crude attacks and aped the tactics and jargon of so-called "hacktivist" groups, such as the anarchistic coalition Anonymous.
But behind the scenes, they were exploiting highly specialized and targeted cyberespionage tools to burrow into classified networks of the U.S. and South Korean military.
"The primary mission was to steal secret military data," Mr. Sherstobitoff said. "That's been in the shadows until now."
The Pentagon had no comment Monday.
The "very advanced, very sophisticated" cybertools had elements in common with malicious software that was used in previous attacks to destroy civilian computers in South Korea by erasing the programs that start them up, Mr. Sherstobitoff said.
The "wiper" malware successfully attacked South Korean banks and television broadcasters on March 20. The "Dark Seoul" attacks that day destroyed 32,000 computers and knocked offline ATMs and Internet portals of three banks.
On June 25, the attackers struck again. Park Jae-moon, director of the South Korean Science Ministry's Information Technology Strategy Bureau, told reporters that the websites of 11 media outlets, four government agencies and the conservative New Frontier political party had been shut down by the malware attack.
The following day, the Pentagon confirmed that personal data of thousands of members of the U.S. military who have served in South Korea had been posted on the Internet by hackers.
On Monday, Mr. Sherstobitoff said that McAfee researchers had evidence from the code used in each of these attacks, which strongly suggests a single group of hackers is behind them and other attacks dating back to 2009.
"We believe these [attacks] are all linked to a single actor," he said, adding that researchers could not say with certainty who the attackers are or where they are based.
South Korean officials have blamed previous attacks on North Korean hackers, and some have accused China of harboring or helping Pyongyang's cyberwarriors and online spies.
Analysts say that the revelations about these attacks ought to prompt U.S. officials to reassess North Korea's cybercapabilities.
Pyongyang's hackers now must be rated "as good as Iran," said James A. Lewis, a cybersecurity scholar at the Washington-based Center for Strategic and International Studies.
"The Iranians moved up quickly," Mr. Lewis said, noting the recent spate of "denial of service" attacks against U.S. banks laid at their door.
U.S. officials have said the greatest danger posed by cyberattacks is disruption of vital infrastructure, such as electric power transmission.
In some attacks on South Korean targets, the hackers had claimed to have stolen personal data as well, a move that Mr. Sherstobitoff described as "misdirection."
"This was a psychological warfare move to make people think it was hacktivist, rather than nation-state," he said.
The attackers also adopted the jargon of Anonymous and other hacktivists in the claims they posted online in an attempt to conceal their true nature, Mr. Sherstobitoff said.
McAfee researchers dubbed the attacks "Operation Troy" because of references to the classical city in the computer code the attackers used.
© Copyright 2015 The Washington Times, LLC.