Exploiting Trust: When a Trusted Security Solution Becomes a DPRK Trojan Horse

2025-12-03, lazarusholic
https://speakerdeck.com/jglyu/exploiting-trust-when-a-trusted-security-solution-becomes-a-dprk-trojan-horse
#Slides

Contents

national PKI
• Real-time transfers via web browsers
• US crypto-export restrictions led to adoption of ActiveX controls
• Three mandatory plugins became widely adopted
  - SSL-like layer (with National PKI support)
  - Anti-Virus
  - Anti-Keylogger

The dawn of internet banking
1999

2002
e-Government services launch
Korean Financial ISAC established
• Real-time issuance of public documents via web browsers
• Based on ActiveX controls

• IT Asset Management
• Anti-Virus
• Patch Management
• Data Loss Protection
• Network Access Control

2009
2010
2011
Network separation regulations introduced for public sector
NH Bank system destruction

2013
3.20 cyber terror (Dark Seoul)
• Initial Access via ActiveX vulnerability
• Mass Infection using on-premises central management systems
Network separation mandated for financial sector

First Contact
First Destructive Attack
Largest and Most Damaging Attack

2015
Financial Security Institute established
Discussions begin for standards-based internet banking
• Introduction of non-ActiveX plugins (executables)

2016
Initech (ActiveX supplier) breach

2017
Bithumb exchange heist

Operation GoldenAxe
2018
• Targeted watering-hole attacks exploiting ActiveX controls

First Ransomware
First Major …