North Korean Hacking Groups Stealing Construction and Machinery Sector Technologies: A Warning
Aug. 6, 2024, 2:35 p.m.
Description
South Korea's cybersecurity community, consisting of the National Intelligence Service, Prosecution Service, Police Agency, Defense Security Command, and Cyber Command, among others, warns of the risks posed by North Korean hacking groups' cyber attacks targeting the domestic construction and machinery sectors. The report highlights the attack strategies, techniques, procedures (TTPs), and indicators of compromise (IoCs) employed by these North Korean groups. As North Korea accelerates its regional development initiatives, its party, military, and government entities, as well as hacking groups, are intensifying efforts to obtain unauthorized access to South Korea's construction, machinery, and urban development data to aid in industrial plant construction and local development plans.
Tags
Date
- Created: Aug. 6, 2024, 2:12 p.m.
- Published: Aug. 6, 2024, 2:12 p.m.
- Modified: Aug. 6, 2024, 2:35 p.m.
Indicators
- 955cb4f01eb18f0d259fcb962e36a339e8fe082963dfd9f72d3851210f7d2d3b
- 6eebb5ed0d0b5553e40a7b1ad739589709d077aab4cbea1c64713c48ce9c96f9
- 216.189.159.197
- 206.72.205.117
- www.dcc.mil.kr
- ol.neqapa.p-e.kr
- netup.p-e.kr
- main.winters.r-e.kr
- limsjo.p-e.kr
- kostin.p-e.kr
- appofficer.kro.kr
- aerosp.p-e.kr
- selectboardarticle.do
- ncsc.go.kr
- kmobile.bestunif.com
- coolsystem.co.kr
Attack Patterns
- DoraRAT
- TrollAgent
- Kimsuky and Andariel
- T1217
- T1074.001
- T1573.002
- T1119
- T1027.002
- T1189
- T1113
- T1071.001
- T1204.002
- T1005
- T1083
- T1036
- T1041
- T1195