Analysis of the recent offensive operations conducted by North Korean APT groups
Author: Nan&XWS@Knownsec 404 Advanced Threat Intelligence team
Chinese version: https://paper.seebug.org/3030/
1. Overview of APT Attacks by North Korean Organization
In August 2023, the Knownsec 404 Advanced Threat Intelligence team observed a significant increase in APT attacks by a North Korean organization targeting South Korea. Compared with the previous, routine hot-spot attacks, the August attacks focused more on large-scale, batch operations.
The unusual activity of the North Korean organization attracted our attention and prompted us to intensify our tracking. After a month of close monitoring, we found that this attack campaign resembled the operational thinking of the Russian APT group Gamaredon, which we have previously disclosed: it involved large-scale, indiscriminate information gathering.
We then looked into the recent situation on the Korean Peninsula and found that South Korea and the United States had conducted a joint military exercise called "Ulchi Freedom Shield". The exercise officially began at midnight on August 21st and was preceded …
IoC