Tracing the Lineage of DarkSeoul
Global Information Assurance Certification Paper
Copyright SANS Institute
Author Retains Full Rights
This paper is taken from the GIAC directory of certified professionals. Reposting is not permitted without express written permission.
Interested in learning more?
Check out the list of upcoming events offering
"Security Essentials: Network, Endpoint, and Cloud (Security 401)"
at http://www.giac.org/registration/gsec
Tracing the Lineage of DarkSeoul
GIAC (GSEC) Gold Certification
Author: David M. Martin, [email protected]
Advisor: Christopher Walker
Accepted: 11/20/15
Abstract
This paper presents a case study of the April 2013 “DarkSeoul” cyber-attack, which crippled tens of thousands of computers in South Korea's banking and media sectors through the use of destructive malware. While the attack was initially believed to be the work of hacktivists, malware researchers discovered it was actually the outgrowth of a multi-year cyber-espionage campaign waged by the North Korean government. By analyzing the code commonalities and tracing the malware used in a number of seemingly unrelated incidents, researchers were able to trace the evolution of the intruders’ techniques and reach the conclusion that the …