Researchers Unearth North Korean Led Espionage Campaign

Share post:

Researchers at Proofpoint recently uncovered a spying campaign launched by state-sponsored North Korean cyber attackers.

The group, known as TA406, is part of several groups identified as Kimsuky that focus mainly on espionage, money-grabbing, malware distribution, phishing, intelligence gathering and cryptocurrency theft.

The group targets several countries, including North America, Russia, China, South Korea, Japan, Germany, France, the United Kingdom, South Africa, India, and others, and uses phishing emails embellished with topics related to nuclear safety, politics, and Korean foreign policy to target high-ranking elected officials.

Some of the tactics used in phishing attacks involve imitating real people using basic HTTP authentication, which displays a browser dialog asking for the user’s documents.

Once an deployed malware is opened, the file creates a scheduled task called “Twitter Alarm,” which allows the threat actors to deploy additional payloads every 15 minutes. Once executed, the EXE also opens a web browser to a PDF file of a legitimate NK News article hosted on the actor’s infrastructure.

For more information, read the original story in Bleeping Computer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, April 12, 2024 – A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more

A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more. Welcome to Cyber Security Today. It’s Friday April 12th, 2024. I’m Howard Solomon. Organizations that use products from business analytics provider Sisense [SI-SENSE] are being told to reset user login credentials and digital keys. The warning comes from the

LinkedIn introduces verification for recruiters to combat scams

LinkedIn announced today the launch of a new verification process for job recruiters, a move aimed at curtailing...

Cyber Security Today, Week in Review for week ending Friday, April 5, 2024

This episode features a discussion on a highly critical report on the hacking of Microsoft Exchange Online email accounts, a case study of a ransomware attack and the discovery of a years-long infiltration of an open source group to insert a backdoor

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways