Now you see it, now you don't: wipers in the wild
2018-11-01 • BAE Systems
https://www.virusbulletin.com/uploads/pdf/magazine/2018/VB2018-Naumaan.pdf
BAE Systems examines wiper malware as an increasingly common tactic in state-sponsored operations and classifies its use into espionage, sabotage, and diversion. The DPRK-relevant sections cite DarkSeoul as a sabotage example and note that wipers appeared in targeted attacks as early as 2009 through Dozer activity against South Korean targets. The paper also links Lazarus activity to cases where wipers were used to remove evidence or distract from non-destructive objectives, including bank-heist contexts such as Hermes and MBR Killer. Its technical framing explains that wipers may target files, boot records, backups, file tables, or partition structures, showing why destructive payloads can both damage victims and impede incident response.