Showing posts with the label DarkHotel

Fantastic APTs and Where to Find Them

Sophisticated computer security breaches in some of the most heavily defended networks around the world have been orchestrated by so-called Advanced Persistent Threat (APT) groups. Many of these APTs operate on behalf of a nation state's intelligence agency or military. They can even be private sector hacking groups, hired for specific operations. An APT group specialises in gaining access, maintaining it, and executing post-exploitation activities while remaining undiscovered. There are also many types of APT attack campaigns. These can include, but are not limited to, intelligence gathering operations, intellectual property theft, sabotage and data destruction, and exploitation for financial gain.

Intelligence gathering, cyber-espionage

One such APT that exemplifies this type of behaviour is known as the Naikon APT group. In May 2020, Check Point disclosed new evidence of an ongoing cyber-espionage campaign against several national government entities in the Asia Pacific (APAC) ...

Deep-dive: The DarkHotel APT

UPDATE - 29.06.2022: On 28 June 2022, NKNews.org cited this blog in their research on DarkHotel.

In November 2021, I decided to revisit this blog and rethink some of the things I said. Parts of this blog are not what I would currently consider analytically sound. This was written over 2 years ago and my skills and my perspective on this group have changed a lot since then.

📝 I decided to review and rethink some of the things I wrote in one of my more popular blogs, which was received well(ish) but was not what I would currently consider analytically sound. This was written nearly 1.5 yrs ago and my perspective has changed 1/7 https://t.co/Nk3amxHHiQ
— Will (@BushidoToken) November 29, 2021

Originally published on 14.06.2020

PART 1: DARKHOTEL

DarkHotel is a sophisticated and active advanced persistent threat (APT) group. It's highly capable and is known for finding and taking advantage of previously unknown vulnerabilities in common software, also known as a 0day. It is a well-est...