Threat Actor group targeting Russian nuclear power plants

이 보고서는 러시아 원자력 발전소를 대상으로 해킹을 시도하는 스피어 피싱 메일에서 사용된 악성코드에 대한 분석 보고서이다. 러시아를 대상으로 활동하는 것으로 판단되는 해킹 그룹은 2018년에도 러시아의 원자력 발전소를 포함한 여러 산업군들 대상으로 한 해킹 활동이 발견된 적이 있다. 본 보고서에서는 이번 해킹 활동 뿐 아니라, 2018년 발견된 해킹 활동을 포함하여 해당 해킹 그룹의 특징과 악성코드 동작 방식에 대해 다룬다.

Monthly Threat Actor Group Intelligence Report, December 2020

This is a summary of activity of suspected state sponsored Threat Actor Groups analyzed by the ThreatRecon Team, based on data and information collected from November 21, 2020 to December 20, 2020.

Monthly Threat Actor Group Intelligence Report, November 2020

This is a summary of activity of suspected state sponsored Threat Actor Groups analyzed by the ThreatRecon Team, based on data and information collected from October 21, 2020 to November 20, 2020.

Monthly Threat Actor Group Intelligence Report, October 2020

This is a summary of activity of suspected state sponsored Threat Actor Groups analyzed by the ThreatRecon Team, based on data and information collected from September 17, 2020 to October 20, 2020.

Monthly Threat Actor Group Intelligence Report, September 2020

This is a summary of activity of suspected state sponsored Threat Actor Groups analyzed by the ThreatRecon Team, based on data and information collected from August 21, 2020 to September 16, 2020.

Monthly Threat Actor Group Intelligence Report, August 2020

This is a summary of activity of suspected state sponsored Threat Actor Groups analyzed by the ThreatRecon Team, based on data and information collected from July 21, 2020 to August 20, 2020.

Monthly Threat Actor Group Intelligence Report, July 2020

This is a summary of activity of suspected state sponsored Threat Actor Groups analyzed by the ThreatRecon Team, based on data and information collected from June 21, 2020 to July 20, 2020.

Monthly Threat Actor Group Intelligence Report, June 2020

This is a summary of activity of suspected state sponsored Threat Actor Groups analyzed by the ThreatRecon Team, based on data and information collected from May 21, 2020 to June 20, 2020.

Monthly Threat Actor Group Intelligence Report, May 2020

This is a summary of activity of suspected state sponsored Threat Actor Groups analyzed by the ThreatRecon Team, based on data and information collected from April 21, 2020 to May 20, 2020.

Activities of the SectorJ17 hacking group aimed at stealing user information

At the end of 2019, a hacking activity of SectorJ17 group targeting manufacturing and other industrial facilities in South Korea was found.
The SectorJ17 group is a cybercrime hacking group aimed at earning monetary profit. They have been active since 2014 until now and more active activities have been found since 2018.