by lawgimenez
1 subcomment
- I believe these are the hackers responsible for this leak: https://phrack.org/issues/72/7_md#article
- I’ve heard that in North Korea it is difficult for ordinary people to learn or own a computer. It is assumed that a small number of elite operatives are selected and trained to carry out such tasks, and it is somewhat surprising that they possess the latest technology and conduct hacking.
- > The dump also revealed reliance on GitHub repositories known for offensive tooling. TitanLdr, minbeacon, Blacklotus, and CobaltStrike-Auto-Keystore were all cloned or referenced in command logs.
What's the rationale for allowing the development of offensive tooling on GitHub? Is this a free-speech thing, or are these repositories relevant for scientific research in some way?
- This is interesting due to the tying of DPRK and PRC. It seems hard to say how much coordination there is between the two, but whatever it is, it appears to be greater than zero. While not necessarily surprising, I wonder if this public attribution will make it harder for the PRC to deny involvement with both the DPRK's efforts and their own.
by codedokode
4 subcomments
- Why doesn't everyone working with the government use hardware keys without passwords, so that phishing is useless?
- > Attribution Scenarios:
> Option A: DPRK Operator Embedded in PRC
> Use of Korean language, OCR targeting of Korean documents, and focus on GPKI systems strongly suggest North Korean origin.
I don't follow how needing OCR to read Korean documents points to them being North Korean.
Could also point in the opposite direction of them needing to copy the text for translation.
- > The leaked dataset attributed to the “Kim” operator offers a uniquely operational perspective into North Korean-aligned cyber operations.
It's puzzling why the NORC hackers didn't use a nearest neighbor hack rather than leaving a trail of bread crumbs all the way back to Pyongyang ;)
by aussieguy1234
1 subcomment
- That's a fairly detailed analysis of an APT workflow.
Now, non-APT actors, if they wanted to up their level of sophistication, might replicate some of these workflows for their own nefarious activities.
- Interesting stuff, but the China angle is a bit overstated with option A/B.
It could simply be that the guy maintains presence there because he has access. NK has no public internet, so he might simply enjoy internet access -_- rather than necessarily be either pretending to be Chinese or working for them...
- So this is interesting from a technical perspective. Some of this infrastructure is used by pen testers and the likes, which just goes to show that there is no such thing as a defensive weapon. I'll let you ponder why that might be pertinent.
Unfortunately, it quickly turns into a discussion of how bad NK and China are and how China shouldn't support NK (because, again, they're bad).
I'll offer two words to expose the hypocrisy of this: Stuxnet, Pegasus.
by curtisszmania
0 subcomments
- [dead]
by huflungdung
0 subcomments
- [dead]
- This is some clickbait. At least to me. I've recently read an article that when Kim Jong Un takes a dump he does it in a N. Korea secret-service-owned toilet that is always dragged along with him. Hence "Kim dump" sounds really... physical...