Everyday is lazarus.dayβ

SK Hack by an Advanced Persistent Threat

2011-09-24, Commandfive
C5_APT_SKHack.pdf, 371.4 KB
#SKHack #SupplyChain #Suspicious


SK Hack by an Advanced Persistent Threat
Command Five Pty Ltd
September 2011

This document summarises the July 2011 intrusion into SK Communications which culminated in the theft of the personal information of up to 35 million people. It describes the use of a trojaned software update to gain access to the target network, in effect turning a security practice into a vulnerability. It also describes the use of a legitimate company to host tools used in the intrusion. Links between this intrusion and other malicious activity are identified and valuable insights are provided for network defenders. Technical details of malicious software and infrastructure are also provided.

This paper discusses malicious activity and identifies Internet Protocol (IP) addresses, domain names, and websites that may contain malicious content. For safety reasons these locations should not be accessed, scanned, probed, or otherwise interacted with unless their trustworthiness can be
On 28 July 2011 SK Communications announced it had been the subject of a hack which resulted in the theft of the personal …