Changes of Cyber Hacking Attack Aspect of North Korea Cyber-Attack Groups Applying MITRE ATT&CK

Authors: GwangHyun Ahn; Seon-a Lee; Won-hyung Park


Abstract

While cyber security and space security enhancement plans are being prepared worldwide, cyber attacks by North Korean cyber attack groups such as Thallium, Kimsuky, Geumseong 121, and Lazarus have developed to an advanced level and continue to threaten cyber security and space security. Starting with APT attacks in the past, the North Korean cyber attack groups have been strengthening their attacks by using social engineering techniques that exploit political and social issues against unspecified numbers of people, with detailed attack stages, procedures, technologies and tools based on the cyber kill chain. In this paper, we use cyber threat analysis data on the adversary to analyze the correlation between North Korean cyber attack groups by applying MITRE's ATT&CK, and to estimate the origin of attacks from factors such as open vulnerabilities, malicious code information, the attack groups' cyber attack characteristics, and attack cases. Through this, we propose the changes in the aspect of cyber hacking attacks by North Korean cyber attack groups, based on ATT&CK.

Keywords: MITRE ATT&CK; Kimsuky; Thallium; Lazarus; Geumseong 121; APT; Cyber KillChain; North Korea

 

Research Briefs on Information & Communication Technology Evolution (ReBICTE)
Vol. 7, No. 7, pp. 1-14, October 5, 2021

DOI: 10.22667/ReBiCTE.2021.10.05.007