North Korean Hackers Used 'Torisma' Spyware in Job Offers-based Attacks (Security News, November 2020)

The attacks, which targeted IP addresses belonging to internet service providers in Australia, Israel, and Russia, as well as defense contractors based in Russia and India, involved a previously undiscovered spyware tool called Torisma, used to stealthily monitor victims for continued exploitation.
Tracked under the codename "Operation North Star" by McAfee researchers, initial findings into the campaign in July revealed the use of social media sites, spear-phishing, and weaponized documents carrying fake job offers to trick employees working in the defense sector into opening them, giving the attackers a foothold on their organizations' networks.
The attacks have been attributed to infrastructure and TTPs previously associated with Hidden Cobra - an umbrella term used by the US government to describe all North Korean state-sponsored hacking groups.
The development continues the trend of North Korea, a heavily sanctioned country, leveraging its arsenal of threat actors to support and fund its nuclear weapons program by perpetrating malicious attacks on US defense and aerospace contractors.
Not only did the campaign use legitimate job recruitment content from popular US defense contractor websites to lure targeted victims into opening malicious spear-phishing email attachments, but the attackers also compromised genuine websites in the US and Italy - an auction house, a printing company, and an IT training firm - and used them to host their command-and-control infrastructure.
News URL: http://feedproxy.google.com/~r/TheHackersNews/~3/oKLVmW4FIpI/north-korean-hackers-used-torisma.html