lazarusholic

Everyday is lazarus.dayβ

Operation GoldenAxe

2017-05-15, IssuemakersLab
http://taylor-blog.issuemakerslab.com/2018/07/operation-goldenaxe.html
#GoldenAxe #MAYDAY

Contents

1. Overview
For about a year, from June 2016 to May 2017, a group presumed to be North Korean was involved in attacks on the websites of more than 10 South Korean organizations related to diplomacy, aerospace, North Korea, unification, parliament, labor, finance, etc.
A watering hole attack was conducted to distribute malware to visitors through these websites. As direct attacks against institutions and businesses in these fields became increasingly difficult, the attackers went after associations, which were relatively easy to attack, and used them for indirect penetration.
The infection vector was ActiveX programs from 10 domestic software products, including electronic payments, authentication, encryption, reporting, webmail and groupware, which were used to infect visitors in their respective fields. Some of these ActiveX programs were installed on the PCs of many users in the country, and the malware was distributed using a zero-day vulnerability for which no patch existed at the time of distribution. It was also able to distribute malware without …

IoC
