South Korea has been under a concerted cyberattack for the last four years, according to a comprehensive new report (PDF) released Monday by security firm McAfee. That means the hack that crippled three TV broadcasters and two banks in March was possibly just the tip of the iceberg.
What has been the goal of these hackers? To steal South Korean government and military secrets, according to McAfee.
"Our analysis of this attack -- known first as Dark Seoul and now as Operation Troy -- has revealed that in addition to the data losses of the MBR wiping, the incident was more than cybervandalism," McAfee's report reads. "The attacks on South Korean targets were actually the conclusion of a covert espionage campaign."
Initially, in March, it was revealed that servers in South Korea were victims of a massive coordinated attack that erased data from tens of thousands of computers. At first, the government blamed China for the hack, and then pointed the finger at North Korea.
According to McAfee, it's still not clear who was behind the stunt. But, the security firm has garnered far more information about the attackers and their methods.
The malware used in Operation Troy included two Trojans and a wiper that installed themselves on users' computers via file transfers from online bulletin boards and discussion forums. According to McAfee, once the malware was installed, it could spy on users' computers and then destroy the hard drive.
"McAfee Labs can connect the Dark Seoul and other government attacks to a secret, long-term campaign that reveals the true intention of the Dark Seoul adversaries: attempting to spy on and disrupt South Korea's military and government activities," the report reads. "From our analysis we have established that Operation Troy had a focus from the beginning to gather intelligence on South Korean military targets."