
Need an account to vote? Register to attend at gsec.hitb.org/sg2017/


A Deep Dive into the Digital Weapons of the North Korean Cyber Army

Ashley Shen

This paper has been accepted.

Although North Korea is one of the most closed and secretive nations on earth, attacks from the North Korean cyber army, from the Sony Pictures breach to the Lazarus ATM attacks, seem to be more and more aggressive than before. From our observation, the North Korean cyber army has expanded its campaigns from South Korean targets to global ones. Therefore, we think it is essential to understand the digital weapons they leverage in their attacks, especially in these tense times between North Korea and its opponent countries.

The North Korean cyber army has been operating for several years. South Korea has suffered about 500 attack incidents every year, and the number is increasing. From these attacks, we were able to analyse the weapons they used and track their campaigns.

In this presentation, we will take a deep dive into the malicious code they used in both cyber espionage and cybercrime attacks. In addition, we will analyse the exploits and the C&C infrastructure they leverage in the attacks. We will explain how we recognized this malware, and release detection rules to detect it.

About Ashley Shen

Chi-en Shen (Ashley) is currently working as a senior cyber threat analyst at Team T5 Inc., where she focuses on tracking and monitoring advanced persistent threats from threat actors. Her major areas of research include malware analysis, malicious documents, reverse engineering, cyber threat intelligence, threat hunting, incident response and the tracking of emerging threats. Prior to this position, she was a research assistant in the information security lab at National Tsing Hua University in Taiwan. Ashley has served on the Black Hat review board since 2016. She is also a member of and frequent speaker in the “Hacks in Taiwan Conference” community. To support women in InfoSec, Ashley founded “HITCON GIRLS” – the first security community for women in Taiwan. Ashley is also a regular speaker at information security conferences, including Taiwan security summit, CODE BLUE, Troopers, HITCON Community, HITCON Enterprise and VXCON.

About Moonbeom Park

Moonbeom is an independent researcher in APT group tracking and profiling, with 10 years of experience in hacking analysis, digital forensics, research on hacking and forensics, and profiling hacking sources. He is one of the experts among the government and private sectors in the fields of forensics, hacking analysis, hacker profiling, and counter-attack on hackers. He has also participated in various international security conferences such as TROOPERS, HITB-GSEC, HITCON, Ekoparty and VXCON.