Full Report
Note: This trend report on the deep web and dark web of October 2024 is sectioned into Ransomware, Forums & Black Markets, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true. Major Issues 1. Ransomware 1.1. […] The post "Threat Trend Report on Deep Web & Dark Web – Ransomware Groups & Cybercrime Forums and Markets of October 2024" first appeared on ASEC.
Analysis Summary
# Threat Actor: KillSecurity (KillSec)
## Attribution & Identity
The threat actor is a ransomware gang known as **KillSecurity** or **KillSec**.
## Activity Summary
KillSec was active in October 2024, listing a company specializing in commercial real estate and investment insights in **South Korea** as a victim on their Dedicated Leak Site (DLS) and Telegram channel. This marks a notable shift as the gang, which previously targeted foreign countries, has now attacked a Korean entity. The group also claimed responsibility for a significant data breach against **Casio Computer Co., Ltd.**, a Japanese electronics and IT manufacturer, publishing 204.9 GB of stolen data on their DLS.
## Tactics, Techniques & Procedures
- Ransomware operations, including data exfiltration prior to public disclosure.
- Utilizing a Dedicated Leak Site (DLS) and Telegram channel for victim shaming and data disclosure.
- Data leakage occurred 6 days after the breach (indicating planned disclosure timelines).
## Targeting
- **Sectors:** Commercial Real Estate/Investment Information (Korea); Electronics/IT Manufacturing (Japan).
- **Geography:** South Korea and Japan.
- **Victims:** A prominent South Korean commercial real estate information provider; Casio Computer Co., Ltd.
## Tools & Infrastructure
- **Malware families used:** Ransomware (Specific family name not detailed, but implied by "ransomware gang").
- **Infrastructure:** Dedicated Leak Site (DLS); Telegram channel.
## Implications
KillSec's attack on a Korean real estate data provider signifies an expansion of their operational focus into the **economic information sector**, moving beyond general manufacturing targets. The release of highly sensitive data (including financial forecasts, market research, personal credentials, and business registration details) highlights the increasingly sophisticated nature of ransomware threats targeting economic stability and data protection compliance.
## Mitigations
- Reevaluate and strengthen overall security systems.
- Enhance protection measures for sensitive personal information and business-critical data (financial projections, market research).
- Improve incident response and cybersecurity detection/monitoring capabilities.
- Align security posture with strategic threat management principles.