Four Years of DarkSeoul Cyberattacks Against South Korea Continue on Anniversary of Korean War
2013-06-26 • Symantec
Symantec linked a June 25 DDoS attack against South Korean government websites to the DarkSeoul gang and Trojan.Castov, placing it in a four-year pattern of attacks against South Korea. The report connects DarkSeoul to earlier destructive activity, including the March 2013 Jokra wiper incidents that damaged hard drives at South Korean banks and television broadcasters, and later attacks on financial companies. Symantec notes that the group repeatedly paired DDoS and disk-wiping activity with symbolic historical dates, including the Korean War anniversary and U.S. Independence Day. Although the report cautions that nation-state attribution is difficult, it cites South Korean media reporting that investigators believed the attackers acted on behalf of North Korea and assesses the activity as politically motivated cybersabotage with sufficient backing to continue.