2023 The First Half Activities Summary of Ransomware Threat Actors (JPN)
NSHCの脅威解析研究所(Threat Research Lab)は、2023年の上半期にランサムウェア(Ransomware)を使ったハッキンググループのハッキング活動情報を分析した。
NSHCの脅威解析研究所(Threat Research Lab)は、2023年の上半期にランサムウェア(Ransomware)を使ったハッキンググループのハッキング活動情報を分析した。
This document describes the results of analyzing hacking activity information of hacking groups using ransomware by ThreatRecon Team during the first half of 2023.
본 보고서에서는 2023년 상반기 동안ThreatRecon Team에서 분석한 랜섬웨어를 이용한 해킹 그룹들의 해킹 활동 정보를 분석한 결과를 포함하고 있다.
In 2022, hacking activities by a total of 32 SectorJ subgroups were identified. Unlike other government supported hacking groups, these groups mainly carry out hacking activities with the aim of securing financial resources. They steal online information with monetary value, or directly hacks specific companies and organizations to disseminate ransomware in the internal network, or steal critical industry secret and demand for ransom in return.
In 2022, hacking activities by a total of 9 SectorD subgroups were identified. The groups primarily conducted hacking activities targeting countries under political dispute with the government that supports the groups. Recently, SectorD groups have been analyzed to be collecting advanced information such as political and diplomatic activities of individuals and governments against the government that supports the groups.
In 2022, hacking activities by a total of 11 SectorC subgroups were identified. The groups carry the aim of collecting advanced information such as political and diplomatic activities of governments of countries bordering the government that supports the groups, as well as around the world.
In 2022, hacking activiites by a total of 22 SectorB subgroups were identified. The groups carry the aim of collecting advanced information such as political and diplomatic activities of worldwide government institutions. These groups show a trend of sharing malwares or vulnerabilities with one another to carry out their hacking activities.
In 2022, hacking activities by a total of 7 SectorA subgroups were identified. The groups carry the aim of collecting advanced information such as political and diplomatic activities of the South Korean government, and simultaneously conduct hacking activities around the globe to secure financial resources.
2022년 총 32개의 SectorJ 하위 그룹들의 해킹 활동이 발견되었다. 이들은 다른 정부 지원 해킹 그룹들과 다르게 현실 세계에서 금전적인 이윤을 확보할 수 있는 재화적 가치가 있는 온라인 정보들을 탈취하거나, 직접적으로 특정 기업 및 조직들을 해킹 한 후 내부 네트워크에 랜섬웨어(Ransomware)를 유포하거나, 중요 산업 기밀을 탈취한 후 이를 빌미로 금전적 대가를 요구하는 협박 활동 등을 수행한다.
2022년 총 11개의 SectorC 하위 그룹들의 해킹 활동이 발견되었다. 이들은 해킹 그룹을 지원하는 국가와 인접한 국가를 포함한 전 세계를 대상으로 각 국가들의 정부 기관의 정치, 외교 활동 등 정부 활동 관련 고급 정보를 수집하기 위한 목적으로 분석된다.