Trusted Design

South Korea NIS’s use of Hacking Team’s RCS

概要

This research note outlines what we know about the use of Hacking Team’s Remote Control System (RCS) by South Korea’s National Intelligence Service (NIS). The note synthesizes information found in publicly leaked materials, as well as our own research. The data available in the leaked Hacking Team files provides circumstantial evidence pointing to an interest in compromising individuals with ties to South Korea (i.e., Korean language speakers who use software or apps popular in South Korea, or South Korean editions of Samsung phones). The leaked data alone cannot identify specific individuals targeted by NIS, nor prove misuse of the technology; further investigation and research is necessary to make those determinations. Moreover, the presence of intrusion software does not necessarily equate to its misuse, as such software may be utilized by intelligence or law enforcement agencies in a manner that conforms with rule of law and democratic principles.

Created: 2026-02-23

Indicators

• hostname - shrook.mooo.com -
• domain - mytelkomsel.co -
• FileHash-SHA256 - cbde6a113a54b8dcf122d9d879b7c21c8b03a89d792f49210bbe41e8466d121a -
• domain - cdc-asia.org -
• domain - samsung-update.net -
• domain - getnewandroid.com -
• hostname - video.sexyhub.co -
• domain - bijiaexhibition.com -
• domain - facebook-update.info -
• domain - play-mob.org -
• hostname - link.sexyhub.co -
• FileHash-SHA256 - 21e8d495bca60edc3b64ac970f9a9fa896d0eadc6491452ea937d64849b1f4a0 -
• hostname - hulahope.mooo.com -
• URL - http://shrook.mooo.com/cn/notify.exe -
• hostname - update.indoorapps.com -
• URL - http://free.dramakorea.asia/s/free_korean_movies.exe -
• domain - telegram-apps.org -
• hostname - free.dramakorea.asia -
• FileHash-SHA256 - 8793d6eda87163b04a3db9251ff89b7c8a66500a4ed475c7026b5fc9a4c8abe9 -
• hostname - secure.anyurl.org -

類似Pulses

• New traces of Hacking Team in the wild (score: 0.70)
• New traces of Hacking Team in the wild (score: 0.70)
• PROJECT CAMERASHY: CLOSING THE APERTURE ON CHINA’S UNIT 78020 (score: 0.62)
• HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure (score: 0.62)
• Inside the spyware campaign against Argentine troublemakers (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る