Dissecting Phishing Techniques of CloudDragon APT

Explore the sophisticated phishing techniques employed by the North Korean APT group CloudDragon in this comprehensive conference talk from the Hack In The Box Security Conference. Delve into the group's three main approaches: leveraging trending themes, creating convincing phishing sites, and developing methods to bypass two-factor authentication. Examine real-world cases and in-depth analyses of CloudDragon's various tactics, including their use of proprietary backdoors like BabyShark and AppleSeed. Gain insights into how the group reuses personal data as bait and expands their operations to target Android systems. Learn from cybersecurity experts Linda Kuo and Zih-Cing Liao as they share their observations and analysis, providing valuable information for better defense and detection against this formidable threat actor.