Changes of Cyber Hacking Attack Aspect of North Korea Cyber-Attack Groups Applying MITRE ATT&CK

GwangHyun Ahn
Seon-a Lee
Won-hyung Park

Keywords

MITRE ATT&CK, Kimsuky, Thallium, Lazarus, Geumseong 121, APT, Cyber KillChain, North Korea

Abstract

While cyber security and space security enhancement plans are being prepared worldwide, cyber attacks by North Korean cyber attack groups such as Thallium, Kimsuky, Geumseong 121, and Lazarus have developed to an advanced level and continue to threaten cyber security and space security. Starting with APT attacks in the past, the North Korean cyber attack team has been strengthening its cyber attacks by using social engineering techniques, built on political and social issues, against an unspecified number of people, with detailed attack stages, procedures, technologies and tools based on the cyber kill chain. In this paper, we use enemy cyber threat analysis data to analyze the correlation between North Korean cyber attack groups by applying MITRE's ATT&CK, and estimate the source of attack origin, such as open vulnerabilities, malicious code information, the attack groups' cyber attack characteristics, and attack cases. Through this, we present the change in the aspect of cyber hacking attacks by North Korean cyber attack groups, based on ATT&CK.