“Threat Groups Affected by International Situations” Toshio Nawa (Cyber Defense Institute)
In January of this year, a Chinese hacker group carried out a breach attack on South Korea. A connection with a Russian hacker group has also been pointed out. Given the situation in Ukraine and the artillery trade with South Korea, the group is using South Korea as a training ground for attacks.
From February to April this year, a Russian hacktivist group carried out DDoS attacks against Japan. Behind the attacks are Japan’s development of hypersonic missiles and sanctions against Russia. The Japanese government continues to impose sanctions and step up support for Ukraine. It can be seen that the hacktivist’s declaration of attack and the information reported are mutually influencing each other.
●Chinese hacker group “Teng Snake” and its successor “Cyber Security Team”
Teng Snake has been in full swing since 2009 and has been hacking countries around the world. Its activities are diverse.
Last year, the network was hacked in response to South Korea’s increased cooperation with NATO. In the same year, it also claimed to hack the Korean medical sector and the medical device industry association, exfiltrate data, and sell it. After that, Telegram went on hiatus for about half a year and resumed its activities in December last year.
Recently, multiple researchers found signs of new attacks against organizations in Japan and Taiwan by the Cyber Security Team. Although it has no confirmed ties to the Chinese government, the Cyber Security Team is pro-China and targets not only NATO members but also countries and regions considered hostile to China.
●A pro-Russian hacktivist group that conducts falsification and DDOS attacks on Ukraine and its supporting countries
NoName057 (16) formed on Telegram last year. The group stresses that it operates independently of the pro-Russian killnet and says it chooses its own targets for DDoS attacks. NoName057, 16, launched a crowdsourced botnet project called DDOSIA last year to step up its attacks on the websites of government and private organizations by offering financial rewards for successful attacks. Its targets are mainly Western countries that support Ukraine.
Kilnet is a pro-Russian hacktivist known for its denial-of-service attacks against the websites of governments and private companies in Ukraine-supporting countries during Russia’s invasion of Ukraine last year. He is media savvy and has many social supporters. Earlier this year, he set up a cybercrime school, Dark School, which offers online training in hacking techniques.
Against the backdrop of political conflict, these hacktivist groups are demonstrating their will through attacks in cyberspace. As a result, target organizations and countries are forced to strengthen their countermeasures against cyberattacks.