ALL MENU

Technology
S2W's Technology
AI
Big Data
Security
Products
SAIP
QUAXAR
XARVIS
EYEZ
Services
AI Data Consulting
Penetration Testing
Incident Response
Request for Intelligence
Resources
Event
Webinar
SIS
Conference
About S2W
About S2W
History
News

QUICK LINKS

Resources
  • Research
  • Threat Analysis Brief Reports
Analysis Report of OpSouthKorea Campaign
2024.11.13

✅ Report Title:


Analysis Report of 'OpSouthKorea' Campaign 



✅ Report Summary:


Cyber tensions rise alongside political conflicts between nations, often leading to cyber-retaliation efforts such as Distributed Denial of Service (DDoS) attacks or hacking attempts.

  • Telegram, known for its accessibility and easy verification of attacks, is used as an effective platform to capture public interest and encourage participation in cyber retaliation efforts.
  • With collaboration across hacking groups from different countries sharing aligned political objectives, attack scope is expanding globally. Hence, continuous monitoring and an understanding of these allied hacking groups are necessary.


This report covers the motives and developments of the cyber retaliation campaign #OpSouthKorea targeting South Korea from June 2024.

  • The #OpSouthKorea (Operation South Korea) campaign against South Korea is progressing on DDW, with an increasing network size among cyber-hacking groups, who share information and resources to plan and execute attacks, forming an organized pattern of operations.



    📌  What is the #OpSouthKorea Timeline?


    The key starting points for the #OpSouthKorea campaign are as follows (based on date/threat actor):


    1. (June 12, 2024 / LulzSec Indonesia)

    Indonesian hacking group LulzSec Indonesia launched DDoS attacks on four government agencies in South Korea, accusing Koreans of being racists and attributing the attacks to controversial remarks on the "IndoLove" forum.


    2. (June 13, 2024 / Народная CyberАрмия)

    Russian hacktivist groups on Telegram, including HackNeT, Народная CyberАрмия, and CyberDragon, united to conduct DDoS attacks against South Korean government agencies and corporations.


    3. (September 17, 2024 / CyberDragon)

    Russian hacktivist group CyberDragon declared the OpSouthKorea campaign, citing South Korea’s support for Ukraine as their reason.


    4-1. (October 23, 2024 / Народная CyberАрмия | RTF, NoName057(16))

    The Russian hacking group Народная CyberАрмия | RTF announced the OpSouthKorea campaign in response to South Korea’s support for Ukraine.


    4-2. (November 4, 2024 / Народная CyberАрмия | RTF, NoName057(16))

    Russian hacktivist group NoName057(16) declared the #OpSouthKorea campaign after South Korean officials expressed strong support for Ukraine and opposition to collaboration between North Korea and Russia.



    ✅ Threat Detection Recommendations:


    Please refer to the link below for detailed analysis and response plans for each case.



    🧑‍💻 Report Author: S2W TALON


    👉 Inquire for Full Report: https://s2w.inc/en/contact


    *The full report is available upon request and for QUAXAR subscribers.



    Threat Intelligence Reports
    Detailed Analysis of TheftCalls: Impersonating Frequently Used Korean Apps
    2024.11.07
    Previous
    News Highlights
    DDW Weekly Highlights in November W1
    2024.11.14
    Next
    List