202320CodeEngn20Conference20192C20Analyzing20North20Korean20Hackin_BakyLvC.pdf (4 MB)

The CodeEngn presentation reviews North Korean hacking groups and malware evolution across recent campaigns. It summarizes 2020-2022 statistics showing that North Korean actors used vulnerability exploitation and watering-hole techniques but relied most heavily on email-based attacks, with phishing accounting for 74 percent of observed activity. The material profiles Lazarus, Kimsuky, ScarCruft/APT37, and Andariel, noting campaigns against South Korean institutions, defense targets, journalists, North Korea-related experts, mobile devices, cloud-service backdoors, and certificate-software vulnerabilities.