The major cyber attack that hit South Korea on March 20, 2013, wiping the hard drives of tens of thousands of computers, was part of an elaborate campaign by hackers working to steal the country’s military and governmental secrets, according to a McAfee Labs research report.
The report suggested the hackers had access to the environment prior to launching the wiping component, though it is still not clear who was behind the attack.
“Our analysis of this attack — known first as Dark Seoul and now as Operation Troy — has revealed that in addition to the data losses of the MBR wiping, the incident was more than cyber vandalism. The attacks on South Korean targets were actually the conclusion of a covert espionage campaign,” McAfee’s report reads.
“The remote-access Trojan was compiled January 26, 2013. The component to wipe the master boot record (MBR) of numerous systems was compiled January 31. An initial victim within the organization was spear-phished with the remote-access Trojan.
“This likely occurred before March 20, and possibly weeks prior to the attack. The dropper was compiled March 20, hours before the attack occurred. The dropper was distributed to systems across the victim organizations, and within minutes of execution the MBRs were wiped. This occurred around 2:00 pm Seoul time on March 20,” the report stated.