DarkSeoul, also known as Onyx Sleet, Plutonium, and Andariel, is a threat actor group believed to be associated with the 110th Research Center. This group has been active since at least 2013, when it launched the DarkSeoul campaign, resulting in significant damage to thousands of systems in the financial sector and causing outages at the top three media companies in South Korea. The group targets defense and IT services organizations across the United States, South Korea, and India, frequently exploiting N-day vulnerabilities in their cyber attacks.
The connection between DarkSeoul and the Lazarus group, another infamous advanced persistent threat actor, was made through the analysis of Dtrack samples. These samples were initially found only as dropped payloads, each encrypted by one of several different droppers. Using Kaspersky's Attribution Engine, cybersecurity researchers decrypted the final payload and found that it shared code with the 2013 DarkSeoul campaign. This discovery linked DarkSeoul to Lazarus, a group known for numerous cyberespionage and cyber sabotage operations.
In conclusion, DarkSeoul poses a significant threat to global cybersecurity. Its association with the Lazarus group and its history of devastating cyber attacks, such as the 2013 campaign that severely impacted South Korea's financial sector and media companies, underscore the critical importance of remaining vigilant against this threat actor. Moreover, DarkSeoul's tendency to exploit N-day vulnerabilities highlights the need for robust and up-to-date security measures in defense and IT service organizations worldwide.
Description last updated: 2024-05-04T19:34:14.800Z