Since the hacking of Sony Pictures

Wednesday 3 October 17:00 - 17:30, Red room

Minseok (Jacky) Cha (AhnLab)



The Sony Pictures hack occurred in 2014, and the news that the company's internal data had been destroyed and confidential data had been leaked was publicized worldwide. When Korean malware researchers first heard about the attack, they recalled the attacks against Korean banks and media companies between 2011 and 2013. But they didn't anticipate a connection with this attack. When more information on the malware was released, it came as quite a surprise to find that it contained similar code to malware which had already been found in Korea.

The Lazarus group, which includes Red Dot and Labyrinth Chollima, became well known to the press and the security community outside of Korea because of the Sony Pictures hack. Malicious code that is similar to the code used in the Sony Pictures hack is still being used in targeted attacks on Korean companies and institutions. In 2015, a zero-day exploit targeted the participants of the Seoul ADEX 2015 conference using a Hangul vulnerability and, in 2016, a Windows zero-day vulnerability was used to hack various ICT companies and web-hosting providers. The group is also suspected of attacking a cryptocurrency exchange.

In this presentation, I will describe various attacks in Korea which occurred after the Sony incident and are suspected to be the work of the Lazarus group. I will also analyse the changes in the malware code over time.


Minseok (Jacky) Cha

Minseok (Jacky) Cha is a senior principal malware researcher at AhnLab. He joined AhnLab as a malware analyst in 1997. He is a member of AVAR (Association of Anti-Virus Asia Researchers) and a reporter for the WildList Organization International. He has been appointed as a member of the Private/Public Cooperative Investigation Group and the Cyber Expert Group in South Korea. He is a speaker at security conferences, including the AVAR Conference, CARO Workshop, CodeEngn, CodeGate, ISCR (International Symposium on Cybercrime Response) and others. When he has free time, he enjoys old video games and old anime.

@mstoned7
