[CTI Korea 2022] Advanced persistent threats and intelligence

The Cyber Threat Intelligence Korea Conference was held on Wednesday, gathering leaders and experts in the cybersecurity industry in one place. The Readable, as the media sponsor for the conference, has highlighted some of the important statements by the speakers. You can also find more information about the speeches in the news articles that we published for the last few days. The conference was hosted by the Korea Cloud Security Association and SSNC.

[TeamT5] Liao ZihCing, threat intelligence researcher of TeamT5

“We have monitored Clouddragon, the North Korean state sponsored advanced persistent threat group, for over three years. The biggest difference between Clouddragon and the other adversaries is that they not only run cyberespionage campaigns, but also conduct cybercriminal activities. The interesting point that we have found this year is the connection between Clouddragon and the subgroup of Kimsuky.”

[Recorded Future] Youn Kwang-taek, CTO of Recorded Future APAC

“The most important aspect in the intelligence landscape is knowing the facts that only matter to you. Imagine you read an article about a robber who stabbed someone. You would not be worried about the robbery if it happened far away from the place where you live. However, we all have to take extra safety precautions if that incident occurs in our neighborhood. What matters most is the information that is related to you. And that is the intelligence.”

“Once someone’s credentials are exposed onto the dark web, that data will be recycled by threat actors repeatedly. Consequently, the person should stop using those credentials to prevent additional breaches. Anyone can be penetrated, but it is important for us to be proactive in response to further exposures by detecting those kinds of threats early enough. Also, it is a huge mistake to think that hackers will only steal your IDs and passwords. There are malicious codes to be deployed for stealing practically everything in your computer network.”

“One of our biggest concerns is related to the North Korean state sponsored hackers. Is there anyone in here who knows all the names of the North Korean hacking groups? They are forming new groups and conducting their activities in cyberspace. It is not easy to keep track of their names and activities. We need solutions to address this issue.”

[KCSA] Bae Hwan-kook, Chairman of Korea Cloud Security Association and CEO of Softcamp

“Cyberattacks are being divided into pieces. People are requesting specific hacking capabilities. There are individuals who just want to buy cyber weapons, and there are those who only search for an attacker.”

“The term intelligence is at the highest level of importance compared to the term data and information. It means explaining the threat landscape in a cybersecurity context. The threat intelligence has evolved to the point where analysts uncover the intent of attackers, identify targets, and provide remedies to the victims of attacks.”

“There are three principles to zero trust security. Although it could be varied, the baseline is to verify explicitly, grant the least privileged access, and assume a breach.”

You can find more stories here:

[Group-IB] AI helped crime investigators identify hacker in half-day

[TeamT5] US, China expected to meet at the next cyber frontline in East Asia

Please leave this field empty

Subscription

Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

Email Address *

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

Your subscription to The Readable's newsletter has been successfully processed. Welcome to our community of cybersecurity enthusiasts and experts!