New McAfee Study on North Korean Malware
According to news reports, there is a new piece to the Dark Seoul puzzle. A new Malware is on the loose and it’s after information on South Korean and U.S. Military secrets. The report does not identify which government networks have been targeted specifically, just that it’s looking for information on the two specific countries. The researchers have found it’s been gathering information since 2009, but the attack wasn’t discovered until March 20, 2013.
It’s called Operation Troy, after the historic city in which the Trojan War took place. A significant reference considering how much of a historic impact the war had on Greek literature. Not to mention that the city of Troy fell due to the enemies breaking through with the famous Trojan horse. All familiar references in modern day hacking and hackers love their references.
McAfee Labs stated that the first attack found was named Dark Seoul, in which they discovered the hard drives wiped of critical data. But Operation Troy is a second attack but may have been implemented by the same group. The Malware was programmed to seek out certain keywords in varying versions of ‘military secrets.’
“This goes deeper than anyone had understood to date, and it’s not just attacks: It’s military espionage,” said Ryan Sherstobitoff, a senior threat researcher at McAfee who gave The Associated Press a report the company is releasing later this week. He analyzed code samples shared by U.S. government partners and private customers.”
My advice would be for the McAfee researchers to keep looking, as in the case of the Trojan horse, the city forces were looking in the wrong direction. McAfee already found two parts to this attack, perhaps there are more.
This article was originally posted in the Lint Center.