Since the hacking of Sony Pictures

Presented at VB2018, Oct. 3, 2018, 5 p.m. (30 minutes)

The *Sony Pictures* hack occurred in 2014, and the news that the company's internal data had been destroyed and confidential data had been leaked was publicized worldwide. When Korean malware researchers first heard about the attack, they recalled the attacks against Korean banks and media companies between 2011 and 2013. But they didn't anticipate a connection with this attack. When more information on the malware was released, it came as quite a surprise to find that it contained similar code to malware which had already been found in Korea. The Lazarus group, which includes Red Dot and Labyrinth Chollima, became well known to the press and the security community outside of Korea because of the *Sony Pictures* hack. Malicious code that is similar to the code used in the *Sony Pictures* hack is still being used in targeted attacks on Korean companies and institutions. In 2015, a zero-day exploit targeted the participants of the Seoul ADEX 2015 conference using a *Hangul* vulnerability and, in 2016, a *Windows* zero-day vulnerability was used to hack various ICT companies and web-hosting providers. The group is also suspected of attacking a cryptocurrency exchange. In this presentation, I will describe various attacks in Korea which occurred after the *Sony* incident and are suspected to be the works of the Lazarus group. I will also analyse and find the changes in the malware code.

Presenters:

• Minseok - Jacky) Cha (AhnLab
  Minseok (Jacky) Cha Minseok (Jacky) Cha is a senior principal malware researcher at AhnLab. He joined AhnLab as a malware analyst in 1997. He is a member of AVAR (Association of Anti-Virus Asia Researches) and a reporter for the WildList Organization International. He has been appointed as a member of the Private/Public Cooperative Investigation Group and Cyber Expert Group in South Korea. He is a speaker at security conferences, including AVAR Conference, CARO Workshop, CodeEngn, CodeGate, ISCR (International Symposium on Cybercrime Response) and others. When he has free time, he enjoys old video games and old anime. @mstoned7

Links:

• https://www.virusbulletin.com/conference/vb2018/abstracts/hacking-sony-pictures
• https://www.virusbulletin.com/uploads/pdf/conference_slides/2018/Cha-VB2018-HackingSonyPictures.pdf
• https://www.virusbulletin.com/virusbulletin/2018/11/vb2018-paper-hacking-sony-pictures/

Similar Presentations:

• Black Hat Europe 2020 Virtual / From Zero to Sixty: The Story of North Korea's Rapid Ascent to Becoming a Global Cyber Superpower
• VB2018 / DOKKAEBI: Documents of Korean and Evil Binary
• VB2018 / Lazarus Group: one mahjong game played with different sets of tiles