Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Follow the Clues: Everyday is lazarus.day
Search
JeongGak Lyu
January 21, 2025
Technology
21
0
Share
Follow the Clues: Everyday is lazarus.day
This talk was presented at JSAC 2025.
JeongGak Lyu
January 21, 2025
More Decks by JeongGak Lyu
See All by JeongGak Lyu
Exploiting Trust: When a Trusted Security Solution Becomes a DPRK Trojan Horse
jglyu
0
10
공격자의 시선에서 바라본 금융보안: 사이버 복원력 강화를 위한 레드티밍 전략
jglyu
0
41
금융분야 침해사고 동향 및 시사점
jglyu
0
19
He is everywhere: A tale of Lazarus and his family
jglyu
0
42
Other Decks in Technology
See All in Technology
AI-DLCを活用した高品質・安全なAI駆動開発実践 / AI Driven Development
yoshidashingo
0
200
Claude Codeですべての日常業務を爆速化しよう!
minorun365
PRO
16
15k
イベントで大活躍する電子ペーパー名札 〜その3〜 / ビジュアルプログラミングIoTLT vol.23
you
PRO
0
160
自称宇宙最速で不合格となったAIP-C01にリベンジを果たすべくAIで問題集アプリを作ってみた。
yama3133
0
230
Dynamic Workersについて
yusukebe
1
310
大学生が本気でDatabricksを活用してDiscordサークルをデータ駆動させてみた
phantomjuju
0
260
食べログのサーキットブレーカー導入を振り返って
atpons
1
150
GitHub Copilot のこれまでとこれから: From Copilot to Collaborative Agents
yuriemori
1
230
大規模災害時でも高い信頼性を維持するアプリケーション基盤の実現/nikkei-tech-talk46
nikkei_engineer_recruiting
0
110
LLM時代のリファクタリング戦略_AIエージェントによる段階的・安全なTS移行方法
play_inc
0
440
組織の中で自分を経営する技術
shoota
0
210
AIが変えた"品質の守り方"
kkakizaki
13
5.2k
Featured
See All Featured
Utilizing Notion as your number one productivity tool
mfonobong
4
310
Color Theory Basics | Prateek | Gurzu
gurzu
0
320
My Coaching Mixtape
mlcsv
0
130
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
ryanjones
0
140
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.7k
We Analyzed 250 Million AI Search Results: Here's What I Found
joshbly
1
1.3k
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
590
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
128
55k
Into the Great Unknown - MozCon
thekraken
41
2.5k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025
aleyda
1
2k
Information Architects: The Missing Link in Design Systems
soysaucechin
0
940
Transcript
2025-01-21 JeongGak Lyu @lazarusholic Follow the Clues Everyday is lazarus.day
The Evolving Threat Landscape Political or Social Agendas Financial Gain
Political Influence and Espionage DPRK State-Sponsored Threat Actors
Cyber Threat Intelligence Essentials The Pyramid of Pain CTI Lifecycle
Data Information Intelligence https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html https://www.gartner.com/document-reader/document/4056399
Threat Detection & Threat Hunting Proactive Approach Targets Unknown Threats
Searching for Evil Reactive Approach Focus on Known Threats Detecting Evil Rely on CTI & IOCs Mitigating Threats
Inside a CTI Report CTI Report Collections & Platforms •
DocIntel https://docintel.org/ • ioc[.]one https://ioc.one/ • Malpedia https://malpedia.caad.fkie.fraunhofer.de/ • ORKL https://orkl.eu/ • Threat Intelligence Reports https://mthcht.github.io/ThreatIntel-Reports/ • Vx Underground https://vx-underground.org/ Each Item can be a Clue
IOC Pivoting / Enrichment
IOC Pivoting with OSINT
Introduction to lazarus.day Reports 2,470 Actors 187 Incidents 187 Kimsuky
Lazarus ScarCruft Andariel Konni BlueNoroff DPRK FamousChollima
Everyday is lazarus.day cryptocopedia[.]com
Strategies for Enhanced Threat Intelligence Set Clear Goals! Automation, Automation,
Automation! Adopt Generative AI! Tools to Spark Ideas • Harpoon https://github.com/Te-k/harpoon • IntelOwl https://intelowlproject.github.io/ • Censeye https://github.com/Censys-Research/censeye • SecAI https://secai.ai/ • TI Mindmap https://github.com/format81/TI-Mindmap-GPT CTI Lifecycle
Conclusion • Following the Clues is an Endless Journey -
Requires Patience, Expertise and Investment • Maximize the Use of OSINT • Evaluate Your CTI Capability Maturity CTI Capability Maturity Model https://cti-cmm.org/ Asset Threat Risk Access Situation Response Thrid-Parties Fraud Workforce Architecture Program 0 25 50 75 100
Background Images: Unsplash Marek Piwnicki @lazarusholic https://lazarus.day Q & A
jglyu
yoshidashingo
minorun365
you
yama3133
yusukebe
phantomjuju
atpons
yuriemori
nikkei_engineer_recruiting
play_inc
shoota
kkakizaki
mfonobong
gurzu
mlcsv
ryanjones
thoeni
joshbly
tammyeverts
aki_iinuma
thekraken
caitiem20
aleyda
soysaucechin
![Everyday is lazarus.day cryptocopedia[.]com](https://files.speakerdeck.com/presentations/c57e3ff4f93c4c08a10afd4dd2c7153c/slide_8.jpg){kind=link}
