South Korean government websites that fell victim to cyberattacks earlier this year may have not been attacked by hacktivists, but rather were targets of cyber war drills conducted by or on behalf of North Korea, according to security software firm McAfee.
In the most recent attack, about 40 web sites were targeted by distributed denial-of-service (DDoS) attacks, including that of the presidential office and the National Intelligence Agency, which prompted the government to issue its third-highest alert against cyber assaults.
According to a Reuters report, these attacks and others before it were likely “Internet reconnaissance missions to test the impact that cyber weapons could have in wartime,” said Dmitri Alperovitch, vice president of threat research for McAfee Labs.
McAfee released a document that detailed a technical analysis of the malicious software hackers used to launch the March 2011 denial of service attacks against South Korean websites.
According to the report:
The attackers likely built the army of computers that launched the attacks by infecting healthy PCs with malicious software at a popular South Korean file-sharing site. Once the PCs were infected, they became part of a “botnet,” or army of enslaved computers, the hackers managed remotely from “command and control centers.”
“They were cyber war drills designed to determine how difficult it would be to take down key government websites in the event of war,” Alperovitch said, making the South Korean attacks more alarming than anything done by Anonymous and Lulz Security in recent times.
We recently reported that the South Korean Army signed a deal with Korea University last week to establish an undergraduate program for cyberwarfare specialists, purportedly to assist in national defense against a growing North Korean cyber threat.