[Weekend Briefing] Semiconductor security, Kimsuky, and LockBit

By Dain Oh, The Readable
Apr. 7, 2023 8:50PM GMT+9 Updated Apr. 8, 2023 1:30PM GMT+9

“Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Cybersecurity journalists for The Readable carefully select important news stories from the previous week and deliver them in a compact form. Topics encompass cybercrime, geopolitics, and privacy. There are no costs involved with a subscription, and some content, such as the monthly ransomware index report, is only available to those who subscribe to our newsletters.

Hello! This is Dain Oh in South Korea. The Readable has just published an exclusive story about the semiconductor security industry. The scoop gives our readers insight into hardware security, as well as the latest news about mega chip manufacturers. In addition to this, an expert at Google, formerly with Mandiant, disclosed espionage activities carried out by the North Korean state-sponsored hacking group Kimsuky. Kuksung Nam for The Readable asked Google questions directly and wrote an article that readers cannot find from any other news publisher. The following news regarding the cybercrime gang LockBit, who claimed to have exposed sensitive data of the South Korean tax agency, was also released this week. An opinion article written by a cybersecurity expert is included in this briefing, along with our monthly ransomware index report. Have a great weekend!

1. Exclusive: Chip IP giant Rambus joins forces with security firm ICTK, extending trust in semiconductors

Designed by Sangseon Kim, The Readable

Rambus, a leading global silicon intellectual property (IP) provider headquartered in the United States, is partnering with a South Korean security firm that specializes in System-on-Chip (SoC) security. Rambus is advising their customers to adopt the safeguarding technology developed by the South Korean firm.

Rambus and ICTK Holdings signed a Memorandum of Understanding (MoU) on March 28 after two years of discussions regarding their collaboration on semiconductor and security IP. According to a memo regarding the MoU obtained by The Readable, the two companies agreed to “advocate for the use of” each other’s security IP to their customers as part of the partnership.

ICTK Holdings provides security IP that originates from the physical unclonable function (PUF), a technology for a hardware root of trust. The PUF incorporates security in the design phase of hardware, giving individual chips a unique identification key which is sealed in the silicon in an encrypted form. The security firm has developed a proprietary “VIA PUF” technology, which uses the random formation of via holes in the semiconductor manufacturing process. To read the full story, click here.

2. Google discloses North Korean cyberespionage closely linked to missile tests

Designed by Areum Hwang, The Readable

The hacking group Kimsuky, which works for the North Korean government, is expected to increase their cyberespionage campaigns as the country continues to conduct their ballistic missile program, according to a cyber threat expert on Tuesday.

“As we see more and more missile tests from North Korea, we will see more and more activities from the advanced persistent threat (APT) 43,” said Luke McNamara, a principal analyst at Google and previously at Mandiant before its acquisition by Google, in a media briefing held in Seoul. APT43 is a name given to the North Korean state-sponsored hacking group by the threat intelligence company that has been tracking the hacking group’s activities since 2018.

In the words of the expert, the hacking group has been conducting cyberespionage campaigns against policymakers and researchers to gather information on nuclear policy, sending compromised emails several hours after they launched ballistic missiles. These activities have been crucial to the North Korean government, as they have scarce resources regarding foreign intelligence agents. To read the full story, click here.

3. South Korean tax agency was not affected despite hackers’ claim

Designed by Areum Hwang, The Readable

The National Tax Service said on Monday that they have found no evidence of data disclosure by the ransomware hacking group LockBit and stated that there was no impact on South Korean taxpayers’ records.

The NTS has been cautiously monitoring the hackers’ activities after the attackers posted the agency’s domain name on their leak site on March 29, claiming that they would publish sensitive files on April 1. A spokesperson at the NTS notified The Readable on April 1, saying that there was no information leak.

On April 3, the South Korean tax agency confirmed again to The Readable that they have found no evidence of a cyberattack deployed by the cybercriminals so far. LockBit is a notorious ransomware group, using their leak site on the dark web to reveal data that they have stolen from companies across the globe. To read the full story, click here.

4. Opinion: Data is shifting to public clouds ahead of readiness to secure it

Ravi Ithal, Founder and CTO of Normalyze

Back when thieves physically stole cash and treasure from bank vaults, an infamous criminal was asked, “Why do you rob banks?” “Because that’s where the money is,” he replied.

The modern version of treasure is data—especially the sensitive data of customers, business operations, and intellectual property. These types of data are prime targets for cyber criminals because their theft can be easily converted to cash or Bitcoin. For this reason, data security professionals must ask themselves every day: “Is our data secure?” If your data is stored in or moved through the cloud, your company’s treasure is very likely to have security exposure. To read the full story, click here.

5. Ransomware index report: March 2023

The Readable’s subscribers can access a monthly ransomware report by S2W. The report includes specific numbers about ransomware groups and their victims in addition to the numbers of newly opened data leak sites by ransomware groups. By reviewing these numbers, our readers will be able to get an idea of the overall threat landscape of the ransomware ecosystem. Sojun Ryu for The Readable provides reports representing his team’s work regarding threat intelligence. To read the current report, click here.


The cover image of this article was designed by Sangseon Kim and Areum Hwang.

Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expertise in leading media outlets to success. Prior to establishing The Readable, Dain was a journalist for The Electronic Times, a prestigious IT newspaper in Korea. During her tenure, she extensively covered the cybersecurity industry, delivering groundbreaking reports. Her work included exclusive stories, such as the revelation of incident response information sharing by the National Intelligence Service. These accomplishments led to her receiving the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology, a well-deserved accolade bestowed upon her through a unanimous decision. Dain has been invited to speak at several global conferences, including the APEC Women in STEM Principles and Actions, which was funded by the U.S. State Department. Additionally, she is an active member of the Asian American Journalists Association, further exhibiting her commitment to journalism.