Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Follow the Clues: Everyday is lazarus.day

Avatar for JeongGak Lyu JeongGak Lyu
January 21, 2025
Technology
21
0

Follow the Clues: Everyday is lazarus.day

This talk was presented at JSAC 2025.

Avatar for JeongGak Lyu

JeongGak Lyu

January 21, 2025

More Decks by JeongGak Lyu

See All by JeongGak Lyu
Exploiting Trust: When a Trusted Security Solution Becomes a DPRK Trojan Horse
Avatar for JeongGak Lyu jglyu
0
10
공격자의 시선에서 바라본 금융보안: 사이버 복원력 강화를 위한 레드티밍 전략
Avatar for JeongGak Lyu jglyu
0
41
금융분야 침해사고 동향 및 시사점
Avatar for JeongGak Lyu jglyu
0
19
He is everywhere: A tale of Lazarus and his family
Avatar for JeongGak Lyu jglyu
0
42

Other Decks in Technology

See All in Technology
プラットフォームエンジニア ワークショップ/ platform-workshop
Avatar for Databricks Japan databricksjapan
0
110
オンコールの負荷軽減のためのBits Assistant 活用方法 / How to Use Bits Assistant to Reduce the Workload on On-Call Staff
Avatar for SMS tech sms_tech
1
300
類似画像検索モデルの開発ノウハウ
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
4
1k
テストコードのないプロジェクトにテストを根付かせる
Avatar for Toru Takahashi tttol
0
220
Fabric-cicd によるAzure DevOps デプロイ
Avatar for Ryoma Nagata ryomaru0825
0
110
Datadog 認定試験の概要と対策
Avatar for Uechi Shingo uechishingo
0
150
Oracle Cloud Infrastructure:2026年5月度サービス・アップデート
Avatar for oracle4engineer oracle4engineer
PRO
1
230
Kiro CLI v2.0.0がやってきた!
Avatar for Hiroo Katoh kentapapa
0
210
食べログのサーキットブレーカー導入を振り返って
Avatar for atpons atpons
1
150
管理アカウント単一運用からAWS Organizationsに移行するの大変で滅
Avatar for 平目 hiramax
0
300
Anthropic AIネイティブ・スタートアップ構築のプレイブック を理解する
Avatar for 長津孝輔 nagatsu
0
210
インフラが苦手でも大丈夫! 紙芝居 Kubernetes -WWGT 10周年編-
Avatar for Aoi Takahashi aoi1
1
300

Featured

See All Featured
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
378
71k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
31
10k
Leo the Paperboy
Avatar for Maya Tellez mayatellez
7
1.8k
Neural Spatial Audio Processing for Sound Field Analysis and Control
Avatar for NII S. Koyama's Lab skoyamalab
0
310
The Straight Up "How To Draw Better" Workshop
Avatar for Dennis Kardys denniskardys
239
140k
How to Grow Your eCommerce with AI & Automation
Avatar for Katarina Dahlin katarinadahlin
PRO
1
190
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
28
2.6k
The Impact of AI in SEO - AI Overviews June 2024 Edition
Avatar for Aleyda Solis aleyda
5
1.1k
Navigating Algorithm Shifts & AI Overviews - #SMXNext
Avatar for Aleyda Solis aleyda
1
1.2k
Deep Space Network (abreviated)
Avatar for Tony Rice tonyrice
0
150
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
333
25k

Transcript

  1. 2025-01-21 JeongGak Lyu @lazarusholic Follow the Clues Everyday is lazarus.day

  2. The Evolving Threat Landscape Political or Social Agendas Financial Gain

    Political Influence and Espionage DPRK State-Sponsored Threat Actors

  3. Cyber Threat Intelligence Essentials The Pyramid of Pain CTI Lifecycle

    Data Information Intelligence https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html https://www.gartner.com/document-reader/document/4056399

  4. Threat Detection & Threat Hunting Proactive Approach Targets Unknown Threats

    Searching for Evil Reactive Approach Focus on Known Threats Detecting Evil Rely on CTI & IOCs Mitigating Threats

  5. Inside a CTI Report CTI Report Collections & Platforms •

    DocIntel https://docintel.org/ • ioc[.]one https://ioc.one/ • Malpedia https://malpedia.caad.fkie.fraunhofer.de/ • ORKL https://orkl.eu/ • Threat Intelligence Reports https://mthcht.github.io/ThreatIntel-Reports/ • Vx Underground https://vx-underground.org/ Each Item can be a Clue

  6. IOC Pivoting / Enrichment

  7. IOC Pivoting with OSINT

  8. Introduction to lazarus.day Reports 2,470 Actors 187 Incidents 187 Kimsuky

    Lazarus ScarCruft Andariel Konni BlueNoroff DPRK FamousChollima

  9. Everyday is lazarus.day cryptocopedia[.]com

  10. Strategies for Enhanced Threat Intelligence Set Clear Goals! Automation, Automation,

    Automation! Adopt Generative AI! Tools to Spark Ideas • Harpoon https://github.com/Te-k/harpoon • IntelOwl https://intelowlproject.github.io/ • Censeye https://github.com/Censys-Research/censeye • SecAI https://secai.ai/ • TI Mindmap https://github.com/format81/TI-Mindmap-GPT CTI Lifecycle

  11. Conclusion • Following the Clues is an Endless Journey -

    Requires Patience, Expertise and Investment • Maximize the Use of OSINT • Evaluate Your CTI Capability Maturity CTI Capability Maturity Model https://cti-cmm.org/ Asset Threat Risk Access Situation Response Thrid-Parties Fraud Workforce Architecture Program 0 25 50 75 100

  12. Background Images: Unsplash Marek Piwnicki @lazarusholic https://lazarus.day Q & A