Cyber attacks against government and commercial targets in South Korea can be traced back to a single group, called "DarkSeoul", security vendor Symantec has claimed.
The company says that it does not know whether or not the group is linked to the North Korean government, but says the attacks are certainly "politically motivated".
A spate of cyber attacks against targets in both North and South Korea occurred on Tuesday this week, the anniversary of the outbreak of the Korean war in 1950.
These mostly involved distributed denial of service (DDoS) attacks against government websites, although data including the personal details of US soldiers was also leaked online.
Symantec said yesterday that "while multiple attacks were conducted by multiple perpetrators, one of the distributed denial-of-service (DDoS) attacks observed yesterday against South Korean government websites can be directly linked to the DarkSeoul gang".
It added that a number of previous cyber attacks, including the severe outages at a number of banks and broadcasters in March, can now be attributed to DarkSeoul. These attacks followed the gang's modus operandi, it said, including overwriting disks with political rhetoric and DDoS attacks that are timed to occur on historically significant dates.
The group has previously committed DDoS against US government websites on July 4th, US Independence Day, Symantec said.
It added that the DarkSeoul gang is “almost unique” in its ability to carry out high-profile and destructive attacks over several years.
“Symantec expects the DarkSeoul attacks to continue and, regardless of whether the gang is working on behalf of North Korea or not, the attacks are both politically motivated and have the necessary financial support to continue acts of cybersabotage on organizations in South Korea,” said Symantec on its blog yesterday.
Hacking group Anonymous claimed responsibility for the attacks against the North earlier this week. One source speculated that it may also have been responsible for attacks on the South, but Anonymous denied this.