| BOSTON, June 26
BOSTON, June 26 Researchers with U.S. security
software maker Symantec Corp say they have uncovered
digital evidence that links cyber attacks on South Korea dating
back four years to a single hacking group dubbed the "Dark Seoul
Eric Chien, technical director with Symantec Security
Response, said late on Wednesday that his firm made the
connection while reviewing malicious software code used to
launch attacks that disrupted some South Korean government
websites earlier in the week.
He said that the evidence did not uncover the identity of
the gang members.
North Korea has been blamed for previous cyber attacks on
South Korean banks and government networks, although Pyongyang
denies responsibility and has said it has also been a victim.
Symantec researchers found chunks of code that were
identical to code in malicious programs used in four previous
significant attacks, the first of which happened on July 4,
2009, according to Chien.
"We know that they are one gang," he said. "It is extremely
He estimates that the group has between 10 and 50 members,
based on the sophistication of the code and the complexity of
The July 4, 2009, attack wiped data on PCs and also launched
distributed denial of service attacks that disrupted websites in
South Korea as well as the United States.
In March of this year, the gang knocked tens of thousands of
PCs off line at South Korean companies by destroying data on
their hard drives, Chien said. It was one of the most
destructive cyber attacks on private computer networks to date.
Symantec published its report on the gang on its website:
A hacking attack on Tuesday, the anniversary of the start of
the Korean War in 1950, brought down the main websites of South
Korea's presidential office and some local newspapers, prompting
cybersecurity officials to raise the alert.