TT Malware Log

マルウェア / サイバー攻撃 / 解析技術 に関する「個人」の調査・研究ログ

北朝鮮の攻撃組織 (まとめ)

【別名情報】

名称   別名 備考
Lazarus Hidden Cobra, Dark Seoul, Silent Chollima, Hastati, Bureau 121, Whois Hacking Team, Unit 121,NewRomanic Cyber Army Team
Bluenoroff Lazarusの分派
Andariel Lazarusの分派
Kimsuki
APT38 TEMP.Hermit
OnionDog
APT37 Reaper, Scarcruft, Group123, Ricochet Chollima, Red Eyes, Dark Sleeper

【参考情報】

■Lazarus
別名: Hidden Cobra, Dark Seoul, Silent Chollima, Hastati, Bureau 121, Whois Hacking Team, Unit 121,NewRomanic Cyber Army Team
作戦: Operation Troy, Operation-Blockbuster, Tdrop, Tdrop2, Troy

◆Dissecting Operation Troy: Cyberespionage in South Korea (McAfee)
https://www.mcafee.com/us/resources/white-papers/wp-dissecting-operation-troy.pdf

◆TDrop2 Attacks Suggest Dark Seoul Attackers Return (paloalto, 2015/11/18)
https://researchcenter.paloaltonetworks.com/2015/11/tdrop2-attacks-suggest-dark-seoul-attackers-return/
http://malware-log.hatenablog.com/entry/2015/11/18/000000_2

◆Operation Blockbuster (Novetta)
https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf
http://malware-log.hatenablog.com/entry/2016/02/01/000000

◆HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure (US-CERT, 2017/06/13)
https://www.us-cert.gov/ncas/alerts/TA17-164A


■Bluenoroff
位置づけ: Lazarusの分派

◆Lazarus Under The Hood (SecureList, 2017/04/03)
https://securelist.com/lazarus-under-the-hood/77908/
https://securelist.com/files/2017/04/Lazarus_Under_The_Hood_PDF_final.pdf
http://malware-log.hatenablog.com/entry/2017/04/03/000000_1


■Kimsuki

◆The “Kimsuky” Operation: A North Korean APT? (SecureList, 2013/09/11 20:10)
https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/
http://malware-log.hatenablog.com/entry/2013/09/11/000000_1


■TEMP.Hermit

◆Sony hackers alive and well, say Kaspersky and AlienVault (SC Media, 2016/02/16)
https://www.scmagazine.com/sony-hackers-are-still-hacking-researchers-say/article/528382/


■OnionDog

◆Korean Energy and Transportation Targets Attacked by OnionDog APT (Softpedia News, 2016/03/09 13:30)
http://news.softpedia.com/news/korean-energy-and-transportation-targets-attacked-by-oniondog-apt-501534.shtml
http://malware-log.hatenablog.com/entry/2016/03/09/000000


■ APT37
別名: Reaper, Scarcruft, Group123, Ricochet Chollima, Red Eyes, Dark Sleeper

◆APT37 (まとめ)
http://malware-log.hatenablog.com/entry/APT37

◆APT37 (REAPER) (FireEye, 2018/02/21)

知られざる北朝鮮の攻撃グループ

https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt37-JP.pdf

◆APT37 (FireEye)
https://www.fireeye.com/current-threats/apt-groups.html

◆CVE-2016-4171 – Adobe Flash Zero-day used in targeted attacks (SecureList, 2016/06/14)
https://securelist.com/cve-2016-4171-adobe-flash-zero-day-used-in-targeted-attacks/75082/

◆Flashゼロデイ攻撃、APTグループ「ScarCruft」関与か - EMETで回避可能 (Security NEXT, 2016/06/15)
http://www.security-next.com/070993

◆APT Group Uses Flash Zero-Day to Attack High-Profile Targets (SECURITYWEEK, 2016/06/15)
http://www.securityweek.com/apt-group-uses-flash-zero-day-attack-high-profile-targets

◆Operation Daybreak (SECURELIST, 2016/06/17)

Flash zero-day exploit deployed by the ScarCruft APT Group

https://securelist.com/blog/research/75100/operation-daybreak/

◆Adobe Flash Player 22.0.0.192 release fixes the Flash Player zero-day vulnerability (CVE-2016-4171) exploited by the APT group dubbed ScarCruft. (Security Affairs, 2016/06/19)
http://securityaffairs.co/wordpress/48531/cyber-crime/flash-zero-day-scarcruft.html

◆North Korean hackers belonging to the North Korea Group 123 have conducted at least six different massive malware campaigns during 2017. (Security Affairs, 2018/01/18)
http://securityaffairs.co/wordpress/67895/hacking/north-korea-group-123.html

◆Cisco and FireEye Pointing Finger at North Korea Hacking Group For Adobe Flash 0-Day In The Wild (Security Affairs, 2018/02/05)
http://securityaffairs.co/wordpress/68718/hacking/north-korea-adobe-flash-0day.html

◆THE TOOLSET OF AN ELITE NORTH KOREAN HACKER GROUP ON THE RISE (WIRED, 2018/02/20)
https://www.wired.com/story/north-korean-hacker-group-apt37/

◆North Korean APT Group tracked as APT37 broadens its horizons (Security Affairs, 2018/02/21)
http://securityaffairs.co/wordpress/69339/apt/apt37-broadens-horizons.html

◆北朝鮮 ハッカー集団、国家ぐるみで日本に攻撃か (毎日新聞, 2018/02/22)
https://mainichi.jp/articles/20180222/ddm/007/030/070000c

◆北朝鮮のサイバー攻撃グループ「APT37」が活発化 (THE ZERO/ONE, 2018/03/02)
https://the01.jp/p0006529/

関連情報

【関連まとめ記事】

全体まとめ
 ◆攻撃組織 / Actor (まとめ)

◆標的型攻撃組織 / APT (まとめ)
https://malware-log.hatenablog.com/entry/APT

◆攻撃者の情報 (まとめ)
http://malware-log.hatenablog.com/entry/attacker

◆Andariel / Silent Chollima (まとめ)
https://malware-log.hatenablog.com/entry/Andariel


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2019