OnionDog

Description

Seems to be a Cyber Drill that is conducted every year rather than an APT, according to findings from TrendMicro.

(Qihoo 360) The Helios Team at 360 SkyEye Labs recently revealed that a hacker group named OnionDog has been infiltrating and stealing information from the energy, transportation and other infrastructure industries of Korean-language countries through the Internet. According to big data correlation analysis, OnionDog’s first activity can be traced back to October, 2013 and in the following two years it was only active between late July and early September. The self-set life cycle of a Trojan attack is 15 days on average and is distinctly organizational and objective-oriented.

OnionDog malware is transmitted by taking advantage of the vulnerability of the popular office software Hangul in Korean-language countries, and it attacked network-isolated targets through a USB Worm. In addition, OnionDog also used darkweb (‘Onion City’) communications tools, with which it can visit the domain without the Onion browser, making its real identity hidden in the completely anonymous Tor network.

Names

Name	Name-Giver
OnionDog	Qihoo 360

Country

• South Korea

Motivation

• Information theft and espionage

First Seen

2013

Observed Sectors

• Energy
• Government
• Transportation
• Utilities

Observed Countries

• South Korea

Tools

• Malware on USB stick

Information

• https://www.prnewswire.com/news-releases/onion-dog-a-3-year-old-apt-focused-on-the-energy-and-transportation-industries-in-korean-language-countries-is-exposed-by-360-300232441.html
• https://www.qianxin.com/assets/doc/apt_report/en/OPERATION%20ONIONDOG%20%E2%80%93Disclosing%20Targeted%20Attacks%20on%20Government.pdf
• https://blog.trendmicro.com/trendlabs-security-intelligence/oniondog-not-targeted-attack-cyber-drill/

Other Information

Uuid

acc879e8-ecaf-4090-bebf-7ce411e19820

Last Card Change

2020-04-14