The report suggested the hackers had access to the environment prior to launching the wiping component, though it is still not clear who was behind the attack.
"Our analysis of this attack -- known first as Dark Seoul and now as Operation Troy -- has revealed that in addition to the data losses of the MBR wiping, the incident was more than cyber vandalism. The attacks on South Korean targets were actually the conclusion of a covert espionage campaign." McAfee's report reads.
“The remote-access Trojan was compiled January 26, 2013. The component to wipe the master boot record (MBR) of numerous systems was compiled January 31. An initial victim within the organization was spear-phished with the remote-access Trojan.
“This likely occurred before March 20, and possibly weeks prior to the attack.The dropper was compiled March 20, hours before the attack occurred.The dropper was distributed to systems across the victim organizations, and within minutes of execution the MBRs were wiped. This occurred around 2:00 pm Seoul time on March 20,” the report stated.