Gangnam Industrial Style

Description

(CyberX) Section 52, CyberX’s threat intelligence team, has uncovered an ongoing industrial cyberespionage campaign targeting hundreds of manufacturing and other industrial firms primarily located in South Korea.

The campaign steals passwords and documents which could be used in a number of ways, including stealing trade secrets and intellectual property, performing cyber reconnaissance for future attacks, and compromising industrial control networks for ransomware attacks.

For example, the attackers could be stealing proprietary information about industrial equipment designs so they can sell it to competitors and nation-states seeking to advance their competitive posture.

Also, credentials can provide attackers with remote RDP access to IoT/ICS networks, while plant schematics help adversaries understand plant layouts in order to facilitate attacks. Design information can also be used by cyberattackers to identify vulnerabilities in industrial control systems.

Names

Name	Name-Giver
Gangnam Industrial Style	CyberX

Country

Unknown

Motivation

Information theft and espionage

First Seen

2019

Observed Sectors

Observed Countries

Tools

Information

https://cyberx-labs.com/blog/gangnam-industrial-style-apt-campaign-targets-korean-industrial-companies/

Other Information

Uuid

792aae38-0145-4cc0-8e9f-8d41d147e8ae

Last Card Change

2020-04-14

Threat Intelligence Garden

Explorer

Gangnam Industrial Style

Gangnam Industrial Style

Description

Names

Country

Motivation

First Seen

Observed Sectors

Observed Countries

Tools

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks