wp_the-heartbeat-apt-campaign.pdf (3 MB)

Trend Micro’s HeartBeat research describes a targeted campaign that had pursued South Korean government-related organizations and communities since at least 2009. Identified victims included a national policy research institute, a branch of the South Korean armed forces, small business-sector organizations, and branches of the South Korean government. The activity used tailored campaign operations to deliver a RAT component, first found in a Korean newspaper company network in June 2012, with earlier malware evidence dating to November 2009. The paper focuses on the attack vector, RAT behavior, persistence, command-and-control communications, campaign codes, and relationships among C2 domains, IPs, and campaigns, giving defenders a basis for tracking victimology and infrastructure over time.