DarkSeoul: SophosLabs identifies malware used in South Korean internet attack

2013-03-20 Sophos

https://nakedsecurity.sophos.com/2013/03/20/south-korea-cyber-attack/

SophosLabs identified the malware used in the March 2013 disruption of South Korean banks and broadcasters; systems at Shinhan, NongHyup, KBS, MBC and YTN were reportedly affected. The malware, detected by Sophos as Mal/EncPk-ACE and dubbed DarkSeoul, attempted to disable South Korean antivirus products from AhnLab and Hauri, which suggests it was built specifically for local targets. Sophos noted that the code was not especially sophisticated: its commands were left unobfuscated, and Sophos had already had detection for it for nearly a year. Although some media reports pointed to a North Korean origin, Sophos said no strong evidence had emerged tying the Whois Team or the attack's operators to North Korea.

Indicators of Compromise

Type Value First Seen Last Seen
HASH db4bbdc36a78a8807ad9b15a562515c4 2013-03-20 2013-07-08
HASH 5fcd6e1dace6b0599429d913850f0364 2013-03-20 2013-07-08
HASH 0a8032cd6b4a710b1771a080fa09fb87 2013-03-20 2013-04-02
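The three values above are 32-character hex strings, i.e. MD5-length digests (the page does not state the algorithm; treating them as MD5 is an assumption). The script below is an added example, not Sophos's tooling: it parses the IOC table as printed, hashes files on disk in chunks, and reports any file whose digest appears in the table. The function and variable names are my own.

```python
import hashlib
import os
import sys
from dataclasses import dataclass

# IOC table copied verbatim from the page: type, value, first seen, last seen.
IOC_TABLE = """\
HASH db4bbdc36a78a8807ad9b15a562515c4 2013-03-20 2013-07-08
HASH 5fcd6e1dace6b0599429d913850f0364 2013-03-20 2013-07-08
HASH 0a8032cd6b4a710b1771a080fa09fb87 2013-03-20 2013-04-02
"""

HEX_DIGITS = set("0123456789abcdef")


@dataclass(frozen=True)
class Ioc:
    value: str
    first_seen: str
    last_seen: str


def parse_ioc_table(text):
    """Turn 'HASH <hex> <first> <last>' rows into {hex: Ioc}.

    Rows that are not HASH rows, or whose value is not a 32-char hex
    string (MD5 length, assumed here), are skipped rather than trusted.
    """
    iocs = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0].upper() != "HASH":
            continue
        value = parts[1].lower()
        if len(value) != 32 or not set(value) <= HEX_DIGITS:
            continue
        iocs[value] = Ioc(value, parts[2], parts[3])
    return iocs


def md5_hex(data):
    """MD5 of an in-memory blob, lowercase hex (used for identification, not integrity)."""
    return hashlib.md5(data).hexdigest()


def md5_file(path, chunk_size=1 << 20):
    """MD5 of a file read in chunks so large binaries do not load into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def match_digests(digests, iocs):
    """digests: {label: hex_md5}. Returns [(label, Ioc)] for every hit, case-insensitive."""
    hits = []
    for label, digest in digests.items():
        ioc = iocs.get(digest.lower())
        if ioc is not None:
            hits.append((label, ioc))
    return hits


def scan_tree(root, iocs):
    """Walk a directory tree, hash every regular file, and return IOC hits."""
    digests = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests[path] = md5_file(path)
            except OSError:
                continue  # unreadable or vanished file: skip, do not abort the sweep
    return match_digests(digests, iocs)


if __name__ == "__main__":
    # Usage: python darkseoul_ioc_sweep.py <directory>   (script name is hypothetical)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, ioc in scan_tree(root, parse_ioc_table(IOC_TABLE)):
        print(f"HIT {path} md5={ioc.value} seen {ioc.first_seen}..{ioc.last_seen}")
```

A hash IOC only matches a byte-identical file, so a clean sweep is not proof of absence: a repacked or patched sample will have a different digest, and a file that was deleted after execution leaves nothing to hash. Treat hits as high-confidence and misses as inconclusive.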
