Wednesday 3 October 17:00 - 17:30, Red room
Minseok (Jacky) Cha (AhnLab)
The Sony Pictures hack occurred in 2014, and the news that the company's internal data had been destroyed and confidential data had been leaked was publicized worldwide. When Korean malware researchers first heard about the attack, they recalled the attacks against Korean banks and media companies between 2011 and 2013. But they didn't anticipate a connection with this attack. When more information on the malware was released, it came as quite a surprise to find that it contained similar code to malware which had already been found in Korea.
The Lazarus group, which includes Red Dot and Labyrinth Chollima, became well known to the press and the security community outside of Korea because of the Sony Pictures hack. Malicious code that is similar to the code used in the Sony Pictures hack is still being used in targeted attacks on Korean companies and institutions. In 2015, a zero-day exploit targeted the participants of the Seoul ADEX 2015 conference using a Hangul vulnerability and, in 2016, a Windows zero-day vulnerability was used to hack various ICT companies and web-hosting providers. The group is also suspected of attacking a cryptocurrency exchange.
In this presentation, I will describe various attacks in Korea which occurred after the Sony incident and are suspected to be the works of the Lazarus group. I will also analyse and find the changes in the malware code.
Minseok (Jacky) Cha
Minseok (Jacky) Cha is a senior principal malware researcher at AhnLab. He joined AhnLab as a malware analyst in 1997. He is a member of AVAR (Association of Anti-Virus Asia Researches) and a reporter for the WildList Organization International. He has been appointed as a member of the Private/Public Cooperative Investigation Group and Cyber Expert Group in South Korea. He is a speaker at security conferences, including AVAR Conference, CARO Workshop, CodeEngn, CodeGate, ISCR (International Symposium on Cybercrime Response) and others. When he has free time, he enjoys old video games and old anime.
Sayeed Abu-Nimeh (Seclytics)
Matthias Leisi (DNS Whitelist (DNSWL))
Alexander Vukcevic (Avira)
Jiri Sejtko (Avast)