KHNP Cyber Attack Incident Analysis

2015-04-02 Issuemakers Lab KHNP cyber attack incident analysis

https://www.dailysecu.com/bbs/download.php?table=bbs_10&savefilename=bbs_10_1535_3323.pdf&filename=%ED%95%9C%EC%88%98%EC%9B%90%20%EC%82%AC%EC%9D%B4%EB%B2%84%EA%B3%B5%EA%B2%A9%20%EC%82%AC%EA%B3%A0%20%EB%B6%84%EC%84%9D-%ED%95%98%EC%9A%B0%EB%A6%AC%20%EC%B5%9C%EC%83%81%EB%AA%85%20%EC%84%BC%ED%84%B0%EC%9E%A5.pdf

Attachments

한수원_사이버공격_사고_분석.pdf (4 MB)

The KHNP incident analysis describes the December 2014 cyberattack timeline, including thousands of phishing emails sent to more than 3,500 employees from hundreds of accounts, malicious Hangul documents, staged data leaks, and destructive malware activity. The malware used anti-VM logic, randomization, service registration filenames, time checks, network attack functions, file wiping, hard disk destruction, and MBR code. The slide deck compares KHNP malware with Kimsuky activity, including Korean document use, phishing emails, TeamViewer, C2 patterns, shellcode, and IP ranges, while recommending stronger controls around phishing, document malware, personal email storage, retirees, and suppliers.
