The DPRK delicate sound of cyber
This blog post aims to contextualise and analyse trends in malicious cyber activity associated with Democratic People’s Republic of Korea-nexus Intrusion Sets, as reported in open sources in 2022.
TL;DR
• All known Intrusion Sets associated with the Democratic People’s Republic of Korea (DPRK) were reported as active over the year, with Lazarus and Kimsuky activities the most widely reported on.
• The mandates of Kimsuky, Bluenoroff and Lazarus continue to overlap, and Lazarus, Bluenoroff and Andariel keep conducting dual-objective operations that combine revenue generation (AppleJeus, SnatchCrypto) with cyberespionage (DreamJob), in line with Pyongyang’s strategic interests.
• DPRK-associated Intrusion Sets continued to update their TTPs and expand their toolsets (Lazarus’ use of the Bring Your Own Vulnerable Driver (BYOVD) technique and Kimsuky’s Sharpext malware), further contributing to these groups’ stealth and to the achievement of their goals.
• SEKOIA.IO analysts assess that malicious cyber campaigns orchestrated by Pyongyang will almost certainly continue in the short term.
________________________________________________________________________________________________________
Associated with the development of a ballistic, nuclear, …