Sign up to our free weekly IndyTech newsletter delivered straight to your inbox
Sign up to our free IndyTech newsletter
Hackers extracted lists of files from computers they contaminated with the virus that triggered cyber attacks in the United States and South Korea, say Seoul police.
The attacks, in which floods of computers tried to connect simultaneously to a single website to overwhelm the server, caused outages on prominent government-run sites in both countries.
The finding means hackers not only used affected computers for web attacks, but also tried to steal information from them. That adds to concern contaminated computers were ordered to damage their own hard disks or files after the web assaults.
Still, the new finding does not mean information was stolen from attacked websites, such as those of the White House and South Korea's presidential Blue House, police said. It also does not address suspicions about North Korea's involvement.
Police reached those conclusions after studying an analysis of about two dozen computers - a sample of the tens of thousands of the infected computers, said An Chan Soo, a senior cyber attack investigator. Only lists of files were extracted, not the files.
"It's like hackers taking a look inside the computers," An said. "We're trying to figure out why they did this."
File lists were sent to 416 computers in 59 countries, 15 in South Korea. Police have found lists in 12 receiver computers.
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies