The Democratic People’s Republic of Korea (DPRK) is one of the most isolated and secretive nations on earth, and from the Sony Pictures breach to the WannaCry attack, cyber-attacks from the DPRK seem to be growing more aggressive. Based on our observations, the North Korean cyber army has expanded its campaign to target not only South Korea but also countries overseas. During these tense times, we think it is essential to understand the digital weapons leveraged in their attacks.
According to available intelligence, the DPRK cyber army has been in operation for several years. South Korea has suffered about 500 attack incidents every year, and the number is steadily increasing. From these attacks, we have been able to analyze the digital weapons they deployed and track their latest campaigns.
In this presentation, we will take a deep dive into the malicious code they used in both cyber espionage and cybercrime attacks. In addition, we will explain how we recognize malware from the DPRK and analyze the exploits they leveraged. We will also introduce the attack vectors and C&C servers through three real-world incidents.