Today > 1 Critical | 6 High | 24 Medium vulnerabilities   -   You can now download lists of IOCs here!

North Korean Hacking Groups Stealing Construction and Machinery Sector Technologies: A Warning

Aug. 6, 2024, 2:35 p.m.

Description

South Korea's cybersecurity community, consisting of the National Intelligence Service, Prosecution Service, Police Agency, Defense Security Command, and Cyber Command, among others, warns of the risks posed by North Korean hacking groups' cyber attacks targeting the domestic construction and machinery sectors. The report highlights the attack strategies, techniques, procedures (TTPs), and indicators of compromise (IoCs) employed by these North Korean groups. As North Korea accelerates its regional development initiatives, its party, military, and government entities, as well as hacking groups, are intensifying efforts to obtain unauthorized access to South Korea's construction, machinery, and urban development data to aid in industrial plant construction and local development plans.

Date

Published: Aug. 6, 2024, 2:12 p.m.

Created: Aug. 6, 2024, 2:12 p.m.

Modified: Aug. 6, 2024, 2:35 p.m.

Indicators

955cb4f01eb18f0d259fcb962e36a339e8fe082963dfd9f72d3851210f7d2d3b

6eebb5ed0d0b5553e40a7b1ad739589709d077aab4cbea1c64713c48ce9c96f9

216.189.159.197

206.72.205.117

www.dcc.mil.kr

ol.neqapa.p-e.kr

netup.p-e.kr

main.winters.r-e.kr

limsjo.p-e.kr

kostin.p-e.kr

appofficer.kro.kr

aerosp.p-e.kr

selectboardarticle.do

ncsc.go.kr

kmobile.bestunif.com

coolsystem.co.kr

Attack Patterns

DoraRAT

TrollAgent

Kimsuky and Andariel

T1217

T1074.001

T1573.002

T1119

T1027.002

T1189

T1113

T1071.001

T1204.002

T1005

T1083

T1036

T1041

T1195