Follow the Clues: Everyday is lazarus.day
JeongGak Lyu
January 21, 2025
Technology
This talk was presented at JSAC 2025.
Transcript
2025-01-21, JeongGak Lyu (@lazarusholic)
Follow the Clues: Everyday is lazarus.day

The Evolving Threat Landscape
• Political or Social Agendas
• Financial Gain
• Political Influence and Espionage
• DPRK State-Sponsored Threat Actors

Cyber Threat Intelligence Essentials
• The Pyramid of Pain
• CTI Lifecycle
• Data → Information → Intelligence
References: https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html, https://www.gartner.com/document-reader/document/4056399

Threat Detection & Threat Hunting
• Proactive Approach: Targets Unknown Threats, Searching for Evil
• Reactive Approach: Focus on Known Threats, Detecting Evil, Rely on CTI & IOCs, Mitigating Threats

Inside a CTI Report
CTI Report Collections & Platforms:
• DocIntel https://docintel.org/
• ioc[.]one https://ioc.one/
• Malpedia https://malpedia.caad.fkie.fraunhofer.de/
• ORKL https://orkl.eu/
• Threat Intelligence Reports https://mthcht.github.io/ThreatIntel-Reports/
• Vx Underground https://vx-underground.org/
Each Item can be a Clue

IOC Pivoting / Enrichment

IOC Pivoting with OSINT

Introduction to lazarus.day
• Reports: 2,470
• Actors: 187
• Incidents: 187
Tracked actors: Kimsuky, Lazarus, ScarCruft, Andariel, Konni, BlueNoroff, DPRK, FamousChollima

Everyday is lazarus.day
Example: cryptocopedia[.]com

Strategies for Enhanced Threat Intelligence
• Set Clear Goals!
• Automation, Automation, Automation!
• Adopt Generative AI!
Tools to Spark Ideas:
• Harpoon https://github.com/Te-k/harpoon
• IntelOwl https://intelowlproject.github.io/
• Censeye https://github.com/Censys-Research/censeye
• SecAI https://secai.ai/
• TI Mindmap https://github.com/format81/TI-Mindmap-GPT
CTI Lifecycle

Conclusion
• Following the Clues is an Endless Journey - Requires Patience, Expertise and Investment
• Maximize the Use of OSINT
• Evaluate Your CTI Capability Maturity
CTI Capability Maturity Model https://cti-cmm.org/
[Chart: maturity scores across the domains Asset, Threat, Risk, Access, Situation, Response, Third-Parties, Fraud, Workforce, Architecture, Program]

Background Images: Unsplash, Marek Piwnicki
@lazarusholic https://lazarus.day
Q & A