lazarusholic

Everyday is lazarus.dayβ

Report on Attack Trends Against Domestic Defense Contractors

2017-07-03, Ahnlab
http://download.ahnlab.com/kr/site/library/%5bAnalysis%5dDefense_Industry_Threats.pdf
5bAnalysis5dDefense_Industry_Threats.pdf, 1.1 MB
#RedDot #Defense #GhostRifle #AnonymousPhantom #Whitepaper

Contents

2017.07.03

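Report on Attack Trends Against Domestic Defense Contractors

AhnLab Security Emergency response Center (ASEC) Analysis Team

220 Pangyoyeok-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, 13493 | Main phone: 031-722-8000 | Fax: 031-722-8901 | www.ahnlab.com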
© AhnLab, Inc. All rights reserved.



Table of Contents
Overview
Attack Status
Attack Methods
Spear Phishing Emails
Watering Hole
Central Management Systems
Major Attack Cases in Korea and Abroad
Domestic Cases
Icefog-NG Variant
Operation Red Dot
Operation Ghost Rifle
Operation Anonymous Phantom
Characteristics of the Domestic Attack Cases
Links Between Attack Groups
Possibility of Korean-Language Users
Detailed Malware Analysis
Escad
Rifdoor
Phandoor
AhnLab's Response and Security Recommendations
Conclusion


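Overview
Attacks on defense contractors in Korea and abroad, which began in earnest in 2010, have continued steadily up to the present. Defense contractors are companies that produce defense materiel; they are not simply an industrial sector but are closely tied to national security, and as for the possibility that rival or hostile states will target these companies' information, ruling it out …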

IoC
