Korea - Cyber Security Review

The Updated APT Playbook: Tales from the Kimsuky threat actor group

Posted onMarch 20, 2024March 21, 2024

Rapit7 team recently ran across some interesting activity that they believe is the work of the Kimsuky threat actor group, also known as Black Banshee or Thallium. Originating from North Korea and active since at least 2012, Kimsuky focuses primarily on Read More …

North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academia, and Media

Posted onJune 1, 2023June 2, 2023

The Federal Bureau of Investigation (FBI), the U.S. Department of State, and the National Security Agency (NSA), together with the Republic of Korea’s National Intelligence Service (NIS), National Police Agency (NPA), and Ministry of Foreign Affairs (MOFA), are jointly issuing Read More …

FakeSpy Android Information-Stealing Malware Targets Japanese and Korean-Speaking Users

Posted onJune 19, 2018June 20, 2018

Spoofing legitimate mobile applications is a common cybercriminal modus that banks on their popularity and relies on their users’ trust to steal information or deliver payloads. Cybercriminals typically use third-party app marketplaces to distribute their malicious apps, but in operations Read More …

Lazarus Group used ActiveX zero-day vulnerability to attack South Korean security think tank

Posted onJune 13, 2018June 15, 2018

An ActiveX zero-day vulnerability used in attacks against a South Korean think tank has been connected to Lazarus Group. The target of these attacks was the Sejong Institute, a non-profit South Korean think tank which conducts research on national security. Read More …

RedDawn Espionage Campaign Shows Mobile APTs on the Rise

Posted onMay 18, 2018May 21, 2018

A sophisticated and targeted mobile espionage campaign has been found targeting North Korean defectors. Mounted by a relatively new APT actor known as Sun Team, the offensive used Google Play and Facebook as attack vectors; and overall, it shows how Read More …

Researchers Find New Twists In ‘Olympic Destroyer’ Malware

Posted onFebruary 14, 2018February 16, 2018

Researchers have uncovered new wrinkles in the “Olympic Destroyer” malware attack that targeted the Winter Olympics in Pyeongchang, South Korea. Cisco Talos researchers now believe the malware also wipes files on shared network drives. Originally researchers believed the malware only targeted single Read More …

PyeongChang 2018 Winter Olympics Opening Ceremony Disrupted by Malware Attack

Posted onFebruary 12, 2018February 16, 2018

The Pyeongchang Winter Olympics taking place in South Korea was disrupted over the weekend following a malware attack before and during the opening ceremony on Friday. The cyber attack coincided with 12 hours of downtime on the official website for Read More …

Korea, US to Begin Joint Investment in and Research on Cyber Security in Late May

Posted onMay 22, 2017December 23, 2020

Threats of More intelligent worldwide cyber attacks of these days are strengthening cyber security alliance between Korea and the United States. According to the Korean Ministry of Science, ICT and Future Planning, the Korean government and the US government (Air Read More …