DOCSLIB.ORG

40,001 Attacks: How We Got Through the Trump-Kim Summit and What’S Next

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

#RSAC SESSION ID: TTA1-F02 40,001 ATTACKS: HOW WE GOT THROUGH THE TRUMP-KIM SUMMIT AND WHAT’S NEXT Ravikant Tiwari Security Researcher Acronis @ravitiwari1989 Revisiting the historic summit #RSAC Denuclearization and World Peace Captured U.S. soldiers return home Safety guarantees to North Korea 40000 cyberattacks on Singapore Attacks Timeline #RSAC Attacks launched between 15:00 UTC on June 11th and 12:00 UTC June 12th 92% reconnaissance scans, looking for vulnerable devices 8% exploit attacks Source: F5 Networks Something New? #RSAC International events are becoming primary cyber attack targets The Trump-Kim Summit thwarted The PyeongChang Winter Olympic hacked The U.S. Elections hacked The Rio 2016 Olympics hacked French Presidential elections thwarted Who is responsible ? #RSAC State-sponsored Seasoned attackers Cyber criminals Hacktivists One among us now Cyber Rockstar #RSAC “Bureau 121” and “91 Office” #RSAC Part of the Reconnaissance General Bureau of North Korea's military. ~2000 specialists employed Operations: South Korea cyberattack, 2013 Sony Pictures hack, 2014 SWIFT banking hack, 2015-2016 Bangladesh Bank Heist, 2016 WannaCry ransomware attack, 2017 Hand-picked graduates of the University of Automation, Pyongyang spend 5 years in training Overloaded with Orders #RSAC Recent alerts issued by FBI and DHS June 14, 2018: TYPEFRAME May 29, 2018: Joanap Trojan and Brambul Worm May 29, 2018: HIDDEN COBRA RAT/Worm March 28, 2018: SHARPKNOT February 13, 2018: HARDRAIN February 13, 2018: BADCALL The Bears #RSAC Among the Attributed Hacks #RSAC PyeongChang Olympic Winter Games, 2018 German and French elections, 2016 to 2017 U.S. Elections (DNC Email leaks), 2016 Attack on the Ukrainian power grid, 2016 White House and NATO attack, 2015 U.S. military wives' death threats, 2015 When It All Began: Look Back In 2010 #RSAC Leakage of Weaponry = e.g. WannaCry #RSAC NSA Public Cyber Weapons and Industrial Hacks Timeline #RSAC Hacktivists: The Anonymous Group #RSAC ISIS Website Attack, 2015 WTO Hack, 2015 Donald Trump’s Website Hack, 2015 Federal Attack, 2012 Cybergate, 2011 BART Attack, 2011 Dark Discovery, 2011 Glance at the recent Olympic Destroyer #RSAC Aim to Disrupt the Winter Olympic Games #RSAC Officials Responded To An Attack Fast Enough #RSAC The disruption had affected several areas within the Games but the committee was confident systems would be fully operational as soon as possible The official website was only back on track at 8 am on Saturday – 12 hours later! “We know what happened and this is a usual thing during the Olympic Games” Entry point #RSAC Targets #RSAC Ski Resort Accommodation IT Service Web Server Affected Parties #RSAC Software vendor responsible for automation at ski resorts 2 ski resort hotels in South Korea IT service provider (Atos.net) headquartered in France Reconnaissance: Spear Phishing Emails #RSAC Weaponized Document in Email #RSAC Macro-Enabled Document PowerShell Backdoor #RSAC > PS Backdoor Components #RSAC Copy Main Dropper Copy of Add Dropper Use Credentials Windows Credential Browser Credential Credentials PsExec Tool Wiper Stealer Stealer Module Fooled by The Destroyer #RSAC Did not delete its components Not Petya Did not harm OS files (Calculated destruction) Possibly had intentions to be discovered The Lazarus Intentional use of TTPs from various old hacks APT 3 Critical Infrastructure Is A Favorite Choice #RSAC Blackout: BlackEnergy #RSAC Spear-phishing emails with BlackEnergy malware Seizing SCADA under control, remotely switching substations off Disabling/destroying IT infrastructure components Uninterruptible power supplies Modems RTUs Commutators Destruction of files stored on servers and workstations with the KillDisk malware Denial-of-service attack on call-center to deny consumers up-to-date information on the blackout Doctors are Awesome! #RSAC Hackers Almost Killed a Child in a Tyumen Hospital Medical equipment disabled right in the middle of the operation “He was doing a very complicated operation on the brain of a thirteen-year-old girl, and in the middle of this operation the clinical center was subjected to a cyber attack, and all the computer systems, all the devices that accompanied this operation, were turned off” Bangladesh Bank robbery #RSAC Issued instructions to withdraw US$ 1 billion US$ 144 million stolen Perpetrators were suspected to have been aided by insiders “If that linkage from the Sony actors to the Bangladeshi bank actors is accurate—that means that a nation state is robbing banks” Richard Ledgett, former Deputy Director of the NSA More devices – more attacks #RSAC MIRAI - 1.2Tbps of traffic 40,000 infected IoT devices online and about 2.5 million IoT devices offline Botnet-as-a-Service : Offered Mirai botnet services from US$50 to $7,500 Cybersecurity trends in 2018 #RSAC Possibility of AI-powered attacks Ransomware and attacks on IoT devices continue to grow A rise of state-sponsored attacks Attacks against cryptocurrencies and blockchain systems Many companies will fail to comply with the GDPR Lesson Learned #RSAC Not a Boogie Man: cyber warfare is real Attackers are no longer just individuals and script kiddies Small enterprises are a way to reach bigger targets What can be done? #RSAC Harden network, endpoints and services Invest in security assessment and audits of your company Identify your most important assets and secure them first Enforce proper security compliance and guidelines on your partners #RSAC THANK YOU !.
Recommended publications
  • View Final Report (PDF)

    View Final Report (PDF)

    TABLE OF CONTENTS TABLE OF CONTENTS I EXECUTIVE SUMMARY III INTRODUCTION 1 GENESIS OF THE PROJECT 1 RESEARCH QUESTIONS 1 INDUSTRY SITUATION 2 METHODOLOGY 3 GENERAL COMMENTS ON INTERVIEWS 5 APT1 (CHINA) 6 SUMMARY 7 THE GROUP 7 TIMELINE 7 TYPOLOGY OF ATTACKS 9 DISCLOSURE EVENTS 9 APT10 (CHINA) 13 INTRODUCTION 14 THE GROUP 14 TIMELINE 15 TYPOLOGY OF ATTACKS 16 DISCLOSURE EVENTS 18 COBALT (CRIMINAL GROUP) 22 INTRODUCTION 23 THE GROUP 23 TIMELINE 25 TYPOLOGY OF ATTACKS 27 DISCLOSURE EVENTS 30 APT33 (IRAN) 33 INTRODUCTION 34 THE GROUP 34 TIMELINE 35 TYPOLOGY OF ATTACKS 37 DISCLOSURE EVENTS 38 APT34 (IRAN) 41 INTRODUCTION 42 THE GROUP 42 SIPA Capstone 2020 i The Impact of Information Disclosures on APT Operations TIMELINE 43 TYPOLOGY OF ATTACKS 44 DISCLOSURE EVENTS 48 APT38 (NORTH KOREA) 52 INTRODUCTION 53 THE GROUP 53 TIMELINE 55 TYPOLOGY OF ATTACKS 59 DISCLOSURE EVENTS 61 APT28 (RUSSIA) 65 INTRODUCTION 66 THE GROUP 66 TIMELINE 66 TYPOLOGY OF ATTACKS 69 DISCLOSURE EVENTS 71 APT29 (RUSSIA) 74 INTRODUCTION 75 THE GROUP 75 TIMELINE 76 TYPOLOGY OF ATTACKS 79 DISCLOSURE EVENTS 81 COMPARISON AND ANALYSIS 84 DIFFERENCES BETWEEN ACTOR RESPONSE 84 CONTRIBUTING FACTORS TO SIMILARITIES AND DIFFERENCES 86 MEASURING THE SUCCESS OF DISCLOSURES 90 IMPLICATIONS OF OUR RESEARCH 92 FOR PERSISTENT ENGAGEMENT AND FORWARD DEFENSE 92 FOR PRIVATE CYBERSECURITY VENDORS 96 FOR THE FINANCIAL SECTOR 96 ROOM FOR FURTHER RESEARCH 97 ACKNOWLEDGEMENTS 98 ABOUT THE TEAM 99 SIPA Capstone 2020 ii The Impact of Information Disclosures on APT Operations EXECUTIVE SUMMARY This project was completed to fulfill the including the scope of the disclosure and capstone requirement for Columbia Uni- the disclosing actor.
  • A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX

    A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX

    In Collaboration With A PRACTICAL METHOD OF IDENTIFYING CYBERATTACKS February 2018 INDEX TOPICS EXECUTIVE SUMMARY 4 OVERVIEW 5 THE RESPONSES TO A GROWING THREAT 7 DIFFERENT TYPES OF PERPETRATORS 10 THE SCOURGE OF CYBERCRIME 11 THE EVOLUTION OF CYBERWARFARE 12 CYBERACTIVISM: ACTIVE AS EVER 13 THE ATTRIBUTION PROBLEM 14 TRACKING THE ORIGINS OF CYBERATTACKS 17 CONCLUSION 20 APPENDIX: TIMELINE OF CYBERSECURITY 21 INCIDENTS 2 A Practical Method of Identifying Cyberattacks EXECUTIVE OVERVIEW SUMMARY The frequency and scope of cyberattacks Cyberattacks carried out by a range of entities are continue to grow, and yet despite the seriousness a growing threat to the security of governments of the problem, it remains extremely difficult to and their citizens. There are three main sources differentiate between the various sources of an of attacks; activists, criminals and governments, attack. This paper aims to shed light on the main and - based on the evidence - it is sometimes types of cyberattacks and provides examples hard to differentiate them. Indeed, they may of each. In particular, a high level framework sometimes work together when their interests for investigation is presented, aimed at helping are aligned. The increasing frequency and severity analysts in gaining a better understanding of the of the attacks makes it more important than ever origins of threats, the motive of the attacker, the to understand the source. Knowing who planned technical origin of the attack, the information an attack might make it easier to capture the contained in the coding of the malware and culprits or frame an appropriate response. the attacker’s modus operandi.
  • Congressional Record United States Th of America PROCEEDINGS and DEBATES of the 116 CONGRESS, FIRST SESSION

    Congressional Record United States Th of America PROCEEDINGS and DEBATES of the 116 CONGRESS, FIRST SESSION

    E PL UR UM IB N U U S Congressional Record United States th of America PROCEEDINGS AND DEBATES OF THE 116 CONGRESS, FIRST SESSION Vol. 165 WASHINGTON, THURSDAY, MARCH 14, 2019 No. 46 House of Representatives The House met at 9 a.m. and was Pursuant to clause 1, rule I, the Jour- Mr. HARDER of California. Mr. called to order by the Speaker pro tem- nal stands approved. Speaker, this week, the administration pore (Mr. CARBAJAL). Mr. HARDER of California. Mr. released its proposed budget, and I am f Speaker, pursuant to clause 1, rule I, I here to share what those budget cuts demand a vote on agreeing to the actually mean for the farmers in my DESIGNATION OF THE SPEAKER Speaker’s approval of the Journal. home, California’s Central Valley. PRO TEMPORE The SPEAKER pro tempore. The Imagine you are an almond farmer in The SPEAKER pro tempore laid be- question is on the Speaker’s approval the Central Valley. Maybe your farm fore the House the following commu- of the Journal. has been a part of the family for mul- nication from the Speaker: The question was taken; and the tiple generations. Over the past 5 WASHINGTON, DC, Speaker pro tempore announced that years, you have seen your net farm in- March 14, 2019. the ayes appeared to have it. come has dropped by half, the largest I hereby appoint the Honorable SALUD O. Mr. HARDER of California. Mr. drop since the Great Depression. CARBAJAL to act as Speaker pro tempore on Speaker, I object to the vote on the Then you wake up this week and hear this day.
  • The Cyber Threat to UK Business 2016/2017 Report Page 1

    The Cyber Threat to UK Business 2016/2017 Report Page 1

    The cyber threat to UK business 2016/2017 Report Page 1 Contents Foreword (Ciaran Martin - NCSC) ..................................................................................................................................... 2 Foreword (Donald Toon - NCA) ........................................................................................................................................ 3 Executive summary ........................................................................................................................................................... 4 What is the threat? ........................................................................................................................................................... 5 The year in review: pivotal incidents of 2016 ................................................................................................................ 10 Horizon scanning: future threats .................................................................................................................................... 13 Fighting back: what can business do? ............................................................................................................................ 15 Case studies illustrating UK LEA and industry joint protect work ................................................................................. 19 Debate: can we stop the Internet from being used for crime? .................................................................................... 20 Page 2 The
  • Make Technology Great Again

    Make Technology Great Again

    Make Technology Great Again Michał „rysiek” Woźniak [email protected] Everything is Broken – Quinn Norton https://medium.com/message/everything-is-broken-81e5f33a24e1 "Malicious Word Doc Uses ActiveX To Infect" https://www.vmray.com/blog/malicious-word-doc-uses-activex-infect/ "Word Malware: OLE Exploited in Zero-Day Attack" https://www.vadesecure.com/en/word-doc-malware/ "Dynamic Data Exchange was frst introduced in 1987 with the release of Windows 2.0” https://en.wikipedia.org/wiki/Dynamic_Data_Exchange "As part of the December 2017 Patch Tuesday, Microsoft has shipped an Ofce update that disables the DDE feature in Word applications, after several malware campaigns have abused this feature to install malware.” https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-dde-feature-in-word- to-prevent-further-malware-attacks/ "Dynamic Data Exchange was frst introduced in 1987 with the release of Windows 2.0” https://en.wikipedia.org/wiki/Dynamic_Data_Exchange "As part of the December 2017 Patch Tuesday, Microsoft has shipped an Ofce update that disables the DDE feature in Word applications, after several malware campaigns have abused this feature to install malware.” https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-dde-feature-in-word- to-prevent-further-malware-attacks/ "Microsoft Ofce macro malware targets Macs" https://blog.malwarebytes.com/cybercrime/2017/02/microsoft-ofce-macro- malware-targets-macs/ "Beware PowerSniff Malware uses Word macros and PowerShell scripts" https://www.grahamcluley.com/beware-powersnif-malware/
  • Threat Landscape Report – 1St Quarter 2018

    Threat Landscape Report – 1St Quarter 2018

    TLP-AMBER Threat Landscape Report – 1st Quarter 2018 (FINAL) V1.0 – 10/04/2018 This quarterly report summarises the most significant direct cyber threats to EU institutions, bodies, and agencies (EU-I or 'Constituents') in Part I, the development of cyber-threats on a broader scale in Part II, and recent technical trends in Part III. KEY FINDINGS Direct Threats • In Europe, APT28 / Sofacy threat actor (likely affiliated to Russia military intelligence GRU) targeted government institutions related to foreign affairs and attendees of a military conference. Another threat actor, Turla (likely affiliated to Russia’s security service FSB) executed a cyber-operation against foreign affairs entities in a European country. • A spear-phishing campaign that targeted European foreign ministries in the end of 2017 was attributed to a China-based threat actor (Ke3chang) which has a long track record of targeting EU institutions (since 2011). As regards cyber-criminality against EU institutions, attempts to deliver banking trojans are stable, ransomware activities are still in decline and cryptojacking on the rise. Phishing lures involve generic matters (’invoice’, ‘payment’, ‘purchase’, ‘wire transfer’, ‘personal banking’, ‘job application’) and more specific ones (foreign affairs issues, European think tanks matters, energy contracts, EU delegation, EU watch keeper). Almost all EU-I are affected by credential leaks (email address | password) on pastebin-like websites. Several credential- harvesting attempts have also been detected. Attackers keep attempting to lure EU-I staff by employing custom methods such as spoofed EU-I email addresses or weaponisation of EU-I documents. Broader Threats • Critical infrastructure. In the energy sector, the US authorities have accused Russian actors of targeting critical infrastructure (including nuclear) for several years and are expecting this to continue in 2018.
  • How to Prevent a Robbery in Albanian Financial Institutions

    How to Prevent a Robbery in Albanian Financial Institutions

    European Journal of Engineering and Technology Vol. 6 No. 2, 2018 ISSN 2056-5860 HOW TO PREVENT A ROBBERY IN ALBANIAN FINANCIAL INSTITUTIONS Enida Puto Kozeta Sevrani Bank of Albania Faculty of Economy - UT ALBANIA ALBANIA [email protected] [email protected] ABSTRACT Cyber-attacks are growing in number and attackers are focusing more deeply inside banks. Financial institutions execute some of the most important, critical and confidential transactions and are more at risk from cyber attacks. Recently, several robberies were made using SWIFT messaging interfaces, which has caused an alarm in the financial world, since SWIFT is the end point to financial transactions for most financial institutions around the world. In this paper we refer to Bangladesh Bank robbery as a case study, analyze what happened from the information available on the Web and come to conclusions about how this incident could have been prevented. Starting from this case, our scope for this paper is to explain how to prevent similar incidents in Albanian financial institutions. In order to do so, we use a list of security areas that usually take place in local infrastructures and compare against the local infrastructures in several Albanian institutions. We then list the vulnerabilities that we found and recommend how to improve them. Also, we found some strong security points. The security of local environments lies beyond SWIFT local infrastructure. The findings and recommendations of this paper can be applied in every system that needs high security. Keywords: Local, infrastructure, security, institutions, SWIFT. INTRODUCTION The Bangladesh Bank robbery took place in February 2016, when instructions to fraudulently withdraw US$ 1 billion from the account of Bangladesh Bank, the central bank of Bangladesh, at the Federal Reserve Bank of New York were issued via the SWIFT network.

  • Who Targets/Attacks the Japanese Financial Sector & Why?

    DSEI - Combating Threats of the New Era Measures against Cyber Who Targets Japan & Why? Ideas to Combat! Cartan McLaughlin CEO Nihon Cyber Defence Co., Ltd. © Nihon Cyber Defence Co., Ltd, 2019. All rights reserved. Warning! Hacking without permission is a criminal offence. COMMON NATION STATE THREAT ACTORS Russia - BEAR China - PANDA North Korea - CHOLLIMA • Fancy Bear (APT 28) • Emissary Panda (APT 27) • Lazarus • Cozy Bear (APT 29) • Stone Panda (APT 10) • Bluenoroff • Voodoo Bear • Comment Crew (APT 1) • Andariel • Energetic Bear • Ke3Chang • Deep Panda © Nihon Cyber Defence Co., Ltd, 2019. All rights reserved. Warning! Hacking without permission is a criminal offence. MISSION - NATION STATE THREAT ACTORS Russia – BEAR China – PANDA North Korea – CHOLLIMA • Political • Military • Financial • Military • Intellectual Property • Intellectual Property • Financial • Financial © Nihon Cyber Defence Co., Ltd, 2019. All rights reserved. Warning! Hacking without permission is a criminal offence. UN Report: North Korean virtual currency hackers have earned up to $2 billion so far © Nihon Cyber Defence Co., Ltd, 2019. All rights reserved. Warning! Hacking without permission is a criminal offence. RGB: NORTH KOREAN CYBER ESPIONAGE • The Reconnaissance General Bureau of AGENCY/GROUP North Korea • Prime Agency for North Korea cyber activities BUREAU 121: • North Korean cyberwarfare agency • Suspected/Alleged for Sony Hack 2014 • Suspected 1,800 specialists or more UNIT 180: • North Korean cyberwarfare cell • Suspected/Alleged for : - • Bangladesh Bank robbery in 2016 • the WannaCry ransomware attack 2017 LAZARUS GROUP: • Suspected for Bitpoint (2019) and Coincheck(2018) hack • Suspected groups under the hood: • Financially motivated © Nihon Cyber Defence Co., Ltd, 2019. All rights reserved. Warning! Hacking without permission is a criminal offence.
  • Cb Defense Ransomware Efficacy Assessment

    Cb Defense Ransomware Efficacy Assessment

    Efficacy Assessment of Cb Defense Against Ransomware September 2017 Table of Contents 1 Executive Summary .................................................................................................................. 3 1.1 Test results ........................................................................................................................................ 3 2 Introduction.............................................................................................................................. 5 2.1 Structure of this report ..................................................................................................................... 5 2.2 Overview ........................................................................................................................................... 5 2.3 Ransomware as a business model .................................................................................................... 6 3 Ransomware families in scope .................................................................................................. 7 4 Detailed Results ........................................................................................................................ 9 5 Methodology .......................................................................................................................... 11 5.1 Infection methods ........................................................................................................................... 11 5.2 Result interpretation ......................................................................................................................
  • Cyber Espionage

    Cyber Espionage

    From January 2019 to April 2020 Cyber espionage ENISA Threat Landscape Overview Cyber espionage is considered both a threat and a motive in the cybersecurity playbook. It is defined as ‘the use of computer networks to gain illicit access to confidential information, typically that held by a government or other organisation’.1 In 2019, many reports revealed that global organisations consider cyber espionage (or nation-state-sponsored espionage) a growing threat affecting industrial sectors, as well as critical and strategic infrastructures across the world, including government ministries, railways, telecommunication providers, energy companies, hospitals and banks. Cyber espionage focuses on driving geopolitics, and on stealing state and trade secrets, intellectual property rights and proprietary information in strategic fields. It also mobilises actors from the economy, industry and foreign intelligence services, as well as actors who work on their behalf. In a recent report, threat intelligence analysts were not surprised to learn that 71% of organisations are treating cyber espionage and other threats as a ‘black box’ and are still learning about them. In 2019, the number of nation-state-sponsored cyberattacks targeting the economy increased and it is likely to continue this way. In detail, nation-state-sponsored and other adversary-driven attacks on the Industrial Internet of Things (IIoT) are increasing in the utilities, oil and natural gas (ONG), and manufacturing sectors. Furthermore, cyberattacks conducted by advanced persistent threat (APT) groups indicate that financial attacks are often motivated by espionage. Using tactics, techniques and procedures (TTPs) akin to those of their espionage counterparts, groups such as the Cobalt Group, Carbanak and FIN7 have allegedly been targeting large financial institutions and restaurant chains successfully.
  • Major Malware Threat Intelligence Report for Bangladesh Context

    Major Malware Threat Intelligence Report for Bangladesh Context

    Major Malware Threat Intelligence Report For Bangladesh Context Report Period: Jan - Sep, 2020 Published: October, 2020 Table of Contents About this Report .............................................................................................................................. 1 General Definition ............................................................................................................................. 2 Malware: AZORult ............................................................................................................................. 6 Malware: KPOT Stealer .................................................................................................................... 26 Malware: Oski Stealer...................................................................................................................... 31 Malware: FormBookFormgrabber.................................................................................................... 34 Malware: Loki PWS .......................................................................................................................... 38 Malware:Nexus Stealer.................................................................................................................... 44 Malware: TrickBot ........................................................................................................................... 46 Malware: Kinsing ............................................................................................................................
  • Download Indictment.Pdf

    Download Indictment.Pdf

    1 2 3 12/8/2020 4 JB 5 6 7 8 UNITED STATES DISTRICT COURT 9 FOR THE CENTRAL DISTRICT OF CALIFORNIA 10 January 2020 Grand Jury 11 UNITED STATES OF AMERICA, CR 2:20-cr-00614-DMG 12 Plaintiff, I N D I C T M E N T 13 v. [18 U.S.C. § 371: Conspiracy; 18 U.S.C. § 1349: Conspiracy to 14 JON CHANG HYOK, Commit Wire Fraud and Bank Fraud; aka “Quan Jiang,” 18 U.S.C. §§ 982, 1030: Criminal 15 aka “Alex Jiang,” Forfeiture] KIM IL, 16 aka “Julien Kim,” aka “Tony Walker,” and 17 PARK JIN HYOK, aka “Jin Hyok Park,” 18 aka “Pak Jin Hek,” aka “Pak Kwang Jin,” 19 Defendants. 20 21 The Grand Jury charges: 22 INTRODUCTORY ALLEGATIONS AND DEFINITIONS 23 At times relevant to this Indictment: 24 A. The Conspiracy and Defendants 25 1. The Democratic People’s Republic of Korea (“DPRK”), also 26 known as (“aka”) North Korea, operated a military intelligence agency 27 called the Reconnaissance General Bureau (“RGB”). The RGB was 28 headquartered in Pyongyang, DPRK, and comprised multiple units. 1 2. Defendants JON CHANG HYOK (ࢷॷୂ), aka “Quan Jiang,” aka 2 “Alex Jiang”; KIM IL (̡ࢊ), aka “Julien Kim,” aka “Tony Walker”; and ऑୂ), aka “Jin Hyok Park,” aka “Pak Jin Hek,” aka؃) PARK JIN HYOK 3 4 “Pak Kwang Jin” (collectively, the “defendants”), whose photographs 5 are attached as Exhibit A through Exhibit C, respectively, were 6 members of units of the RGB who knowingly and intentionally conspired 7 with each other, and with persons known and unknown to the Grand Jury 8 (collectively, with the defendants, referred to as the “conspirators” 9 and the “hackers”), to conduct criminal cyber intrusions.