[Weekend Briefing] News recap of threat intelligence and RSAC 2022

By Kuksung Nam, Sojun Ryu, and Dain Oh, The Readable
Jun. 17, 2022 8:47PM KST

We have recently published several in-depth news articles on threat intelligence and the 2022 RSA conference. Below is the news recap, but before we begin, there is one piece of news that you might be interested in.

1. [News] South Korea’s Spy Agency Speaks Out Against Former Director’s Claim of Keeping Public Figures’ Information

South Korea’s intelligence agency released a written statement last Saturday in response to the former director’s interview with a local radio program. In the statement, the National Intelligence Service (NIS) strongly condemned the former director’s remarks. “All agents are confined to secrecy under the law,” said the NIS. The intelligence agency also requested the former chief to refrain from mentioning the agency in public appearance. Two days before the statement, the former chief of the NIS, Park Ji-Won, admitted in front of a national audience that there are internal documents related to the personal information of public figures within the intelligence agency. According to the interview, the agency has kept personal information files dating back to the 1960’s.

2. [Intelligence] Raccoon Stealer Is Back on Track

The operator of Raccoon Stealer, who was out of action since the Russia-Ukraine War began, has recently been confirmed to have returned with an upgraded V2 version. The current V2 version is disguised as a cracked software installation file that was often used in the past V1 distribution.   Link to the article

3. [Intelligence] Reblackhat Forum Operator Running Scam Campaign Using RaidForums as Bait

A user impersonating the operator of RaidForums, which was shut down in February of this year, has recently appeared with a scam campaign.   Link to the article

4. [RSAC 2022] Why the Truth Matters

“The veracity of information is the absolute imperative in cybersecurity.” The Chief Executive Officer (CEO) of RSA said at the world’s largest cybersecurity conference, RSAC, on June 6. During the event, which was held in San Francisco from June 6 to 9, Rohit Ghai dedicated nearly one third of his twenty-four minute opening keynote to talk about the importance of accurate information.   Link to the article

5. [RSAC 2022] Reframing Security as Innovation

"Imagine that someone was to break into your house and stay for nine months. It is unthinkable in the real world, but in cyber this is the problem that we are up against," said Tom Gillis during the opening keynotes at the RSA conference Monday.   Link to the article

6. [RSAC 2022] BEC Is the Next Ransomware: Ransomware Attackers Will Turn Their Eyes to BEC

While business email compromise (BEC) attacks are relatively less well known than ransomware attacks, they will soon dominate the threat landscape, an expert of threat intelligence (TI) said Monday.   Link to the article


The cover image of this article was designed by Areum Hwang.

Kuksung Nam is a cybersecurity journalist for The Readable. She covers cybersecurity issues in South Korea, including the public and private sectors. Prior to joining The Readable, she worked as a political reporter for one of the top-five local newspapers in South Korea, The Kyeongin Ilbo, where she reported several exclusive stories regarding the misconduct of local government officials. She is currently focused on issues related to anti-fraud, as well as threats and crimes in cyberspace. She is a Korean native who is fluent in English and French, and she is interested in delivering the news to a global audience.

Sojun Ryu is a cybersecurity researcher for The Readable. He graduated from the “Best of the Best” next-generation security expert training program (BoB) at the Korea Information Technology Research Institute (KITRI) in 2013, and holds a master’s degree in information security from Sungkyunkwan University in Korea. He worked at KrCERT/CC for seven years, analyzing malware and responding to incidents. He is also one of the authors of "Operation Bookcodes," published by KrCERT/CC in 2020. Recently, Ryu has been focusing on threat intelligence, cybercrime, and advanced persistent threats (APT) by expanding into the deep, dark web with TALON, the Cyber Threat Intelligence group at S2W.

Dain Oh is an award-winning cybersecurity journalist based in South Korea and the founding editor-in-chief of The Readable by S2W. Before joining S2W, she worked as a reporter for The Electronic Times, the top IT newspaper in Korea, covering the cybersecurity industry on an in-depth level. She reported numerous exclusive stories, and her work related to the National Intelligence Service led to her being honored with the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology in a unanimous decision. She was also the first journalist to report on the hacking of vulnerable wallpads in South Korean apartments, which later became a nation-wide issue.