Although North Korea is one of the most closed and secretive nations on earth, attacks from North Korea's cyber army, from the Sony Pictures breach to the Lazarus ATM attacks, seem to be more and more aggressive than before. From our observation, North Korea's cyber army has expanded its campaigns from South Korean targets to global ones. Therefore, we think it is essential to understand the digital weapons they leveraged in their attacks, especially in these tense times between North Korea and its opponent countries.
North Korea's cyber army has been operating for several years. South Korea has suffered about 500 attack incidents every year, and the number is increasing. From these attacks, we were able to analyse the weapons they used and track their campaigns.
In this presentation, we will take a deep dive into the malicious code they used in both cyber espionage and cybercrime attacks. In addition, we will analyse the exploits and the C&C infrastructure they leverage in the attacks. We will explain how we recognized this malware, and release detection rules to detect it.