[Weekend Briefing] Collaboration to pivot the threat landscape

By Dain Oh and Kuksung Nam, The Readable
Dec. 2, 2022 11:11PM KST

“Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Cybersecurity journalists for The Readable carefully select important news stories from the previous week and deliver them in a compact form. Topics encompass cybercrime, geopolitics, and privacy. There are no costs involved with a subscription, and some content, such as the monthly ransomware index report, is only available to those who subscribe to our newsletters.

Hello, this is Dain Oh and Kuksung Nam in South Korea. The Readable has picked five news articles to share with you. Have a great weekend!

1. Korean intelligence agency opens cybersecurity collaboration center

The opening ceremony of the national cybersecurity collaboration center is being held at an office complex in Pangyo on November 30. Kim Kyou-hyun, the National Intelligence Service chief, is at the sixth from the left. Photo by the NIS

The South Korean intelligence agency has opened the cybersecurity collaboration center on Wednesday, which is specifically designed to promote information sharing between the private and public sector concerning cybersecurity and collaborative responses to cyber threats on a national level.

The National Intelligence Service announced on November 30 that it opened the cybersecurity collaboration center in Pangyo, the city often referred to as the Silicon Valley of South Korea. At the opening ceremony, which took place on the same day, high-ranking figures from the government and the cybersecurity industry made appearances, including Kim Kyou-hyun, the NIS chief.

The national cybersecurity collaboration center is the agency’s accomplishment after two years of efforts to increase information sharing in the cybersecurity industry in response to skyrocketing cyberattacks pouring into the country. Since the first news about the establishment of the center was reported by a local newspaper in February 2021, there have been great expectations regarding the enhancement of cybersecurity leveraged by the center. To read the original reporting, click here.

2. [Perspective] Collaboration to pivot the threat landscape

Dain Oh, Editor-in-Chief, The Readable.

Information sharing sounds quite mundane. However, it has become one of the most important terms in cybersecurity for the last few years. It is believed to be a powerful, effective countermeasure able to respond to threat actors when the odds are against the defenders. The RSA conference, which took place in June of this year, also acknowledged the significant magnitude of the term.

For example, Avril Haines, the Director of National Intelligence of the United States, urged cybersecurity experts to participate in information sharing, saying “being able to develop the mechanisms that allow you to [provide information to partners] in real time is absolutely crucial.” If defenders can collaborate with each other, leveraging shared information, such as indicators of compromise, the chances of the bad guys winning will be dramatically reduced.

For this reason, the National Security Agency of the United States and the Government Communications Headquarters of the United Kingdom have been operating cybersecurity collaboration centers to promote collaborations between the private and public sectors. Information sharing is one of the main purposes of the centers. The philosophy behind these centers is rooted in the same conclusion: It is meaningless to make distinctions between the private and public sector or to draw lines between nations while cyberattacks are transnational. To read the full story, click here.

3. Military eyes cyber defense to neutralize North Korean nuclear weapons

Shin Beom-chul, South Korea’s vice defense minister, is delivering a welcoming speech at the White Hat Conference. Photo by the Cyber Operations Command of South Korea.

The South Korean military is seeking a more aggressive use of its cyber defense capabilities against North Korea’s nuclear threats.

“From now on, the South Korean military will expand its investments for implementing a soft kill [strategy] that could non-physically neutralize North Korea’s nuclear and missile threats,” Shin Beom-chul, South Korea’s vice defense minister, said Tuesday at the White Hat Conference hosted by the South Korean military.

The vice defense minister added that North Korea is not only threatening South Korea but also the international community with their advanced cyber warfare capabilities. To read the original reporting, click here.

4. Lessons learned from Russia-Ukraine War: Cell network security

Kim Yongdae, a professor in the Department of Electrical Engineering at KAIST, is delivering a keynote speech at the White Hat Conference, which took place on November 29 in Seoul. Photo by the Cyber Operations Command of South Korea.

As a defensive measure against future warfare, a nation must invest in new cellular technologies which are designed to prevent eavesdropping by a hostile country and protect mission critical infrastructure, an eminent expert in mobile security suggested on Tuesday.

“Ukraine has been winning victories in cyberspace against Russia because it was well prepared since 2016 and could secretly listen to the Russian forces’ conversions through cellular communication,” said Kim Yongdae, a professor in the Department of Electrical Engineering at KAIST.

While explaining a few of the reasons that Russia did not destroy the Ukrainian cellular networks while starting the war, such as to eavesdrop on the Ukrainian forces, Kim mentioned that the Ukrainian soldiers were also able to eavesdrop on the Russian soldiers’ telecommunications and locate where they were once they had invaded their territory. To read the original reporting, click here.

5. Cyber firm discovered new backdoor used by North Korean linked hackers

Source: ESET

A hacking group, who authorities say worked on the behalf of the North Korean government, used an unreported backdoor to attack a South Korean news organization focused on North Korea in 2021, a private cybersecurity firm reported.

According to a report released Wednesday by ESET, this backdoor is able to be used to spy on victims’ computers by monitoring drives, exfiltrating files, keylogging, taking screenshots, and stealing credentials from browsers. Keylogging is a type of monitoring software that can record and steal keystrokes that the user enters on a device.

In addition, this new backdoor, which the company named Dolphin, abuses cloud storage services, specifically Google Drive, for command and control communication. To read the original reporting, click here.


The cover image of this article was designed by Areum Hwang.

Dain Oh is an award-winning cybersecurity journalist based in South Korea and the founding editor-in-chief of The Readable by S2W. Before joining S2W, she worked as a reporter for The Electronic Times, the top IT newspaper in Korea, covering the cybersecurity industry on an in-depth level. She reported numerous exclusive stories, and her work related to the National Intelligence Service led to her being honored with the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology in a unanimous decision. She was also the first journalist to report on the hacking of vulnerable wallpads in South Korean apartments, which later became a nation-wide issue.

Kuksung Nam is a cybersecurity journalist for The Readable. She covers cybersecurity issues in South Korea, including the public and private sectors. Prior to joining The Readable, she worked as a political reporter for one of the top-five local newspapers in South Korea, The Kyeongin Ilbo, where she reported several exclusive stories regarding the misconduct of local government officials. She is currently focused on issues related to anti-fraud, as well as threats and crimes in cyberspace. She is a Korean native who is fluent in English and French, and she is interested in delivering the news to a global audience.