OnionDog is not a Targeted Attack—It’s a Cyber Drill
We looked into smaller-scale attacks in which an actor group allegedly attacked high-profile targets working in the energy and transportation sectors of South Korea. Known as OnionDog, these are not targeted attacks, but cyber drills.
Alleged attacks from North Korean actors are a hot security research topic. The infamous Sony Pictures hack in 2014, for instance, was reported by some to be the work of North Korean threat actors. There is a lot of interest in Lazarus too, which is purportedly a North Korea-linked group responsible for a couple of global bank heists that attempted to steal staggering amounts of money.
In this blog post, we will look into smaller-scale attacks in which an actor group allegedly attacked high-profile targets working in the energy and transportation sectors of South Korea for more than three years in a row. …
IoC