SK Hack by an Advanced Persistent Threat
This paper summarises the July 2011 intrusion into SK Communications which culminated in the theft of the personal information of up to 35 million people. It describes the use of a trojaned software update to gain access to the target network, in effect turning a security practice into a vulnerability. It also describes the use of a legitimate company to host tools used in the intrusion. Links between this intrusion and other malicious activity are identified and valuable insights are provided for network defenders. Technical details of malicious software and infrastructure are also provided.