Risky Business

Risky Business #804 -- Phrack's DPRK hacker is probably a Chinese APT guy

Aug 27, 2025
Greg Bell, Chief Strategy Officer at Corelight, dives into the intriguing intersection of AI and network security. He explains how AI is streamlining the analysis of packet logs, making cybersecurity investigations more efficient. The discussion veers into the complexities of hacking attributions, particularly the mislabeling of perpetrators, such as a supposed DPRK hacker likely being Chinese. Additionally, advanced techniques for embedding covert instructions in digital media hint at the evolving challenges in cybersecurity. It's a riveting look at the future of data security!
ANECDOTE

Diplomatic Expulsion Over Foreign‑Backed Violence

  • Australia expelled the Iranian ambassador after ASIO linked Iran to violent anti‑Semitic attacks on Australian soil. Patrick Gray described the expulsions as the correct response to Iran recruiting criminals to commit arson and vandalism.
INSIGHT

SATCOM Sabotage Has Strategic Timing

  • Hacktivists repeatedly target ship SATCOM, disabling terminals by wiping disks and disrupting dozens of vessels. Adam Boileau connected the timing to geopolitical events and sanctions around Iranian oil exports.
INSIGHT

Attribution From Doxxes Can Be Misleading

  • A Phrack article doxxed an APT operator but attribution to DPRK looks weak based on language and tooling. Patrick Gray and external analysts believe the operator is more likely Chinese than North Korean.