Ovi (@0v1@infosec.exchange)
Hacker, researcher, human rights activist combating APTs, gov'ts, surveillance, privacy violations & corporate greed. Hacking & RE s'ware, malware & exploits.
Aug 24, 2023 • 15 tweets • 4 min read
The Korean Military's mandatory phone application for all soldiers.

At the start of the year, I found two vulnerabilities in this application that would leak GPS locations of soldiers. The Korean ministry of defense refused to acknowledge my findings. All the details --🧵1/n

The Military application called 국방모바일보안 (Defense Mobile Security) has three different versions. They are for soldiers (employees), staff (civil servants) & external contractors. The applications are intended to use NFC and Bluetooth to allow entry to military sites --🧵2/n
Apr 19, 2023 • 12 tweets • 2 min read
We at Interlab have been tracing the source of cyberattacks that repeatedly target human rights activists in the digital space, and have internally named this attacker UCID902. Over a long period, this attacker has continuously and repeatedly carried out watering hole attacks against specific human rights activists in Korea in order to steal the activists' online account information.
Apr 19, 2023 • 8 tweets • 2 min read
We (@interlab_kr) have been tracking a threat actor we classify as UCID902. This actor is utilising watering hole credential harvesting attacks to target activists related to the advocacy of human rights in the Korean peninsula. We first observed UCID902 in 2021 when working with activists based in SK and with lures aimed to appear as Naver security alerts, prompting users to input credentials. We found that typical infrastructure was set up on legitimate web development organisations' web servers.
Apr 13, 2023 • 7 tweets • 3 min read
@hypen1117 Hey Hypen. Thanks kindly for your message. Great to have civil discussion on it! Like I said, I don't think it really matters. I value your team's research more than this matter, you have done a great thing to society by finding differing versions of RambleOn 1/

@hypen1117 Our analysis was a finding of novel malware that was impacting journalists at that present moment. We found RambleOn then imminently went to work on working with big tech to implement detections and mitigations for it, to better defend society and those at risk 2/
Apr 12, 2023 • 6 tweets • 3 min read
We've identified further, clear connections between #RambleOn Android malware and #APT37.

In 2022 we uncovered a new novel Android malware campaign targeting journalists working on the advocacy of NK human rights at @nknewsorg.

Ref: interlab.or.kr/archives/2567

🧵1/6

Last month @S2W_Official published additional research on #RambleOn, finding other variants of it and highlighting code similarities between a 2017 campaign operated by #APT37 which used an Android variant of #Rokrat Malware

2/6