Exploring Initial Access Methods of Surprisingly Competent Government Employees
When you think of cutting-edge or profitable, those thoughts are rarely followed by the word "government." However, in 2022 alone, actors operating on behalf of the North Korean regime stole over $1 billion worth of cryptocurrency. It may come as a shock that a government entity was one of the most profitable cybercrime operations last year, but it was no fluke. This talk will focus on the rapidly evolving initial access methods of one of North Korea's cybercriminal groups, TA444, and the context for why North Korea must resort to cybercrime. In 2022 and 2023, the group has mirrored the cybercriminal landscape in its use of varying file formats to gain initial access, relied on benign conversation starters to win the trust of its targets, and continued to rake in profits. The best part of this talk is that there will be no mention of info-stealers, Cobalt Strike, or ransomware.