[CTI Korea 2022] Advanced persistent threats and intelligence

By Kuksung Nam and Dain Oh, The Readable
Dec. 9, 2022 8:28PM KST

The Cyber Threat Intelligence Korea Conference was held on Wednesday, gathering leaders and experts in the cybersecurity industry in one place. The Readable, as the media sponsor for the conference, has highlighted some of the important statements by the speakers. You can also find more information about the speeches in the news articles that we published over the last few days. The conference was hosted by the Korea Cloud Security Association and SSNC.

[TeamT5] Liao ZihCing, threat intelligence researcher of TeamT5

“We have monitored Clouddragon, the North Korean state-sponsored advanced persistent threat group, for over three years. The biggest difference between Clouddragon and the other adversaries is that they not only run cyberespionage campaigns, but also conduct cybercriminal activities. The interesting point that we have found this year is the connection between Clouddragon and the subgroup of Kimsuky.”

[Recorded Future] Youn Kwang-taek, CTO of Recorded Future APAC

“The most important aspect in the intelligence landscape is knowing the facts that only matter to you. Imagine you read an article about a robber who stabbed someone. You would not be worried about the robbery if it happened far away from the place where you live. However, we all have to take extra safety precautions if that incident occurs in our neighborhood. What matters most is the information that is related to you. And that is the intelligence.”

“Once someone’s credentials are exposed on the dark web, that data will be recycled by threat actors repeatedly. Consequently, the person should stop using those credentials to prevent additional breaches. Anyone can be penetrated, but it is important for us to be proactive in response to further exposures by detecting those kinds of threats early enough. Also, it is a huge mistake to think that hackers will only steal your IDs and passwords. There are malicious codes to be deployed for stealing practically everything in your computer network.”

“One of our biggest concerns is related to the North Korean state-sponsored hackers. Is there anyone in here who knows all the names of the North Korean hacking groups? They are forming new groups and conducting their activities in cyberspace. It is not easy to keep track of their names and activities. We need solutions to address this issue.”

[KCSA] Bae Hwan-kook, Chairman of Korea Cloud Security Association and CEO of Softcamp

“Cyberattacks are being divided into pieces. People are requesting specific hacking capabilities. There are individuals who just want to buy cyber weapons, and there are those who only search for an attacker.”

“The term intelligence is at the highest level of importance compared to the terms data and information. It means explaining the threat landscape in a cybersecurity context. Threat intelligence has evolved to the point where analysts uncover the intent of attackers, identify targets, and provide remedies to the victims of attacks.”

“There are three principles to zero trust security. Although it could be varied, the baseline is to verify explicitly, grant the least privileged access, and assume a breach.”

[Group-IB] AI helped crime investigators identify hacker in half-day

[TeamT5] US, China expected to meet at the next cyber frontline in East Asia


The cover image of this article was designed by Sangseon Kim.

Kuksung Nam is a cybersecurity journalist for The Readable. She covers cybersecurity issues in South Korea, including the public and private sectors. Prior to joining The Readable, she worked as a political reporter for one of the top-five local newspapers in South Korea, The Kyeongin Ilbo, where she reported several exclusive stories regarding the misconduct of local government officials. She is currently focused on issues related to anti-fraud, as well as threats and crimes in cyberspace. She is a Korean native who is fluent in English and French, and she is interested in delivering the news to a global audience.

Dain Oh is an award-winning cybersecurity journalist based in South Korea and the founding editor-in-chief of The Readable by S2W. Before joining S2W, she worked as a reporter for The Electronic Times, the top IT newspaper in Korea, covering the cybersecurity industry on an in-depth level. She reported numerous exclusive stories, and her work related to the National Intelligence Service led to her being honored with the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology in a unanimous decision. She was also the first journalist to report on the hacking of vulnerable wallpads in South Korean apartments, which later became a nation-wide issue.