Riding with the Chollimas: Our 100-Day Quest to Identify a North Korean State-Sponsored Threat Actor
12 Aug 2023
Comprehensive Talk
Mauro Eldritch
Abstract
Step into the Labyrinth with us as we uncover the true identity of a state-sponsored threat actor from North Korea. This is a hacker and journalist's 100-day quest to unravel the mystery of what seemed like a homemade malware sample but turned out to be a dangerous artifact backed by a nation-state. Our talk takes a deep dive into the technical analysis of the malware and its supporting C2 infrastructure, using open-source intelligence (OSINT) and Cyber Threat Intelligence (CTI) to profile the threat actor and hunt its infrastructure. We then explore the social aspects of the matter by interviewing government agencies, security forces, and private intelligence companies to provide a comprehensive understanding of the North Korean affair. This talk is aimed at both beginners and seasoned intel practitioners, analysts, and threat hunters.