Follow the Clues: Everyday is lazarus.day
JeongGak Lyu
January 21, 2025
This talk was presented at JSAC 2025.
Transcript
2025-01-21, JeongGak Lyu (@lazarusholic)
Follow the Clues: Everyday is lazarus.day

The Evolving Threat Landscape
• Political or Social Agendas
• Financial Gain
• Political Influence and Espionage
• DPRK State-Sponsored Threat Actors

Cyber Threat Intelligence Essentials
• The Pyramid of Pain
• CTI Lifecycle
• Data → Information → Intelligence
References: https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html , https://www.gartner.com/document-reader/document/4056399

Threat Detection & Threat Hunting
Threat Hunting: Proactive Approach; Targets Unknown Threats; Searching for Evil
Threat Detection: Reactive Approach; Focus on Known Threats; Detecting Evil; Rely on CTI & IOCs
Both feed into Mitigating Threats

Inside a CTI Report

CTI Report Collections & Platforms
• DocIntel https://docintel.org/
• ioc[.]one https://ioc.one/
• Malpedia https://malpedia.caad.fkie.fraunhofer.de/
• ORKL https://orkl.eu/
• Threat Intelligence Reports https://mthcht.github.io/ThreatIntel-Reports/
• Vx Underground https://vx-underground.org/
Each item can be a clue.

IOC Pivoting / Enrichment

IOC Pivoting with OSINT

Introduction to lazarus.day
• Reports: 2,470
• Actors: 187
• Incidents: 187
• Tracked actors: Kimsuky, Lazarus, ScarCruft, Andariel, Konni, BlueNoroff, DPRK, FamousChollima

Everyday is lazarus.day
• Case: cryptocopedia[.]com

Strategies for Enhanced Threat Intelligence
• Set Clear Goals!
• Automation, Automation, Automation!
• Adopt Generative AI!

Tools to Spark Ideas
• Harpoon https://github.com/Te-k/harpoon
• IntelOwl https://intelowlproject.github.io/
• Censeye https://github.com/Censys-Research/censeye
• SecAI https://secai.ai/
• TI Mindmap https://github.com/format81/TI-Mindmap-GPT
(Diagram: CTI Lifecycle)

Conclusion
• Following the Clues is an Endless Journey: it requires patience, expertise and investment
• Maximize the Use of OSINT
• Evaluate Your CTI Capability Maturity
CTI Capability Maturity Model: https://cti-cmm.org/
(Chart: maturity score 0–100 across the domains Asset, Threat, Risk, Access, Situation, Response, Third-Parties, Fraud, Workforce, Architecture, Program)

Background Images: Unsplash, Marek Piwnicki
@lazarusholic https://lazarus.day
Q & A