Dive into a detailed conference talk examining LABYRINTH CHOLLIMA, a North Korean threat actor, and their sophisticated macOS intrusion techniques. Learn about this DPRK-nexus group's dual mission of cyber espionage and currency generation; the group is responsible for notable attacks including the 2014 Sony Pictures hack, the WannaCry outbreak, and the 2023 3CX supply chain attack. Explore their evolving expertise in targeting cryptocurrency organizations and macOS systems, particularly within software development companies. Senior Intrusion Analysts Greg Longo and Ben Wiley from CrowdStrike's Falcon OverWatch team break down the adversary's advanced social engineering tactics, custom multi-stage implants, and living-off-the-land techniques used for reconnaissance, persistence, and lateral movement. Gain deep insights into the complete attack life cycle and examine real-world examples of the custom tooling and techniques employed during network intrusions.
Interactive Intrusions by North Korean APT - Analysis of LABYRINTH CHOLLIMA Operations
Objective-See Foundation via YouTube
Syllabus
#OBTS v6.0: "An Examination of Interactive Intrusions by a North Korean APT" Greg Longo & Ben Wiley
Taught by
Objective-See Foundation