Hackers targeted S Korea, US military: McAfee Labs
09 July 2013

Hackers who have targeted tens of thousands of PC hard drives in South Korea also appear to have targeted the country's military secrets.

According to a study by McAfee Labs, the malware created by the hackers scanned systems for keywords including "weapon", "US Army" and "secret".

According to the study, once a computer's contents had been catalogued, the documents could be grabbed at will by attackers.

Playing down the threat, the South Korean defence ministry told the Associated Press news agency that it was technically impossible to have lost classified reports, as the computers on which it stored military secrets were not connected to the net.

A Pentagon spokesman said it would review the report.

McAfee said the attacks formed part of a long-term spying operation which could be traced back to at least 2009. The operation was called Operation Troy because the name of the ancient city repeatedly appeared in the hackers' code.

Investigation of the group started following an attack in March, which caused data held on PCs used by several banks and TV networks to be deleted.

The security firm said that, on the basis of similarities between the malware used to wipe the discs and that used to hunt for military secrets, it believed they must have been created by the same team.

According to Pentagon spokesman Army Lieutenant Colonel James Gregory, the Defence Department was aware of the study and looked forward to reviewing it.

He said the Defence Department took the threat of cyber espionage and cyber security very seriously, which was why the army had taken steps to increase funding to strengthen capabilities and harden networks to mitigate the risk of cyber espionage.

According to South Korea's Defence Ministry, its secrets were safe. Ministry spokesman Kim Min-seok said that although officials were not aware of McAfee's study, it was technically impossible to have lost classified reports because computers with military intelligence were not connected to the internet. He added that, when accessing the web, military officials used different computers disconnected from the internal military server.

Kim said a hack of sensitive South Korean military computers from the internet "cannot be done," as they were physically separated.

Ryan Sherstobitoff, a senior threat researcher at McAfee, said that while it was not entirely impossible to extract information from a closed network that was disconnected from the internet, it would require extensive planning and an understanding of the internal layout to stage such an exfiltration to the external world.
