Tech_Report_Defense20Industry.pdf (328 KB)

AhnLab’s defense-industry study describes sustained cyberattacks against defense manufacturers and related political or diplomatic sectors from 2010 onward, with attackers seeking trade secrets and national-security information. The DPRK-relevant portion names Operation Red Dot and Operation Ghost Rifle among the groups tracked against South Korean and Japanese government or defense targets, with Red Dot active through early 2017 and potentially linked in the excerpt to the Sony Pictures attack. Ghost Rifle emerged in 2015 using Rifdoor and Ghostrat and collaborated with Red Dot against companies participating in a 2015 South Korean defense industry conference. The attack methods highlighted include tailored email attachments, watering-hole compromise, and abuse of central management systems to distribute malware across connected computers.