North Korean Hacking Groups Stealing Construction and Machinery Sector Technologies: A Warning
Aug. 6, 2024, 2:35 p.m.
Description
South Korea's cybersecurity community, consisting of the National Intelligence Service, Prosecution Service, Police Agency, Defense Security Command, and Cyber Command, among others, warns of the risks posed by North Korean hacking groups' cyber attacks targeting the domestic construction and machinery sectors. The report highlights the attack strategies, techniques, procedures (TTPs), and indicators of compromise (IoCs) employed by these North Korean groups. As North Korea accelerates its regional development initiatives, its party, military, and government entities, as well as hacking groups, are intensifying efforts to obtain unauthorized access to South Korea's construction, machinery, and urban development data to aid in industrial plant construction and local development plans.
Date
| Published | Created | Modified |
|---|---|---|
| Aug. 6, 2024, 2:12 p.m. | Aug. 6, 2024, 2:12 p.m. | Aug. 6, 2024, 2:35 p.m. |
Indicators
955cb4f01eb18f0d259fcb962e36a339e8fe082963dfd9f72d3851210f7d2d3b
6eebb5ed0d0b5553e40a7b1ad739589709d077aab4cbea1c64713c48ce9c96f9
216.189.159.197
206.72.205.117
www.dcc.mil.kr
Attack Patterns
DoraRAT
TrollAgent
Kimsuky and Andariel
T1217
T1074.001
T1573.002
T1119
T1027.002
T1189
T1113
T1071.001
T1204.002
T1005
T1083
T1036
T1041
T1195