North Korean Hackers Turn to Credential Harvesting in Latest Wave of Cyberattacks
A North Korean nation-state group notorious for crypto heists has been attributed to a new wave of malicious email attacks as part of a "sprawling" credential harvesting activity targeting a number of industry verticals, marking a significant shift in its strategy.
The state-aligned threat actor is being tracked by Proofpoint under the name TA444, and by the larger cybersecurity community as APT38, BlueNoroff, Copernicium, and Stardust Chollima.
TA444 is "utilizing a wider variety of delivery methods and payloads alongside blockchain-related lures, fake job opportunities at prestigious firms, and salary adjustments to ensnare victims," the enterprise security firm said in a report shared with The Hacker News.
The experimentation aside, TA444 has also been observed expanding the functionality of CageyChameleon to further aid in victim-profiling, while also maintaining a wide arsenal of post-exploitation tools to facilitate theft.
"In 2022, TA444 took its focus on cryptocurrencies to a new level and has taken to mimicking the cybercrime ecosystem by testing a variety of infection chains to help expand its revenue streams," Proofpoint said.
"With a startup mentality and a passion for cryptocurrency, TA444 spearheads North Korea's cash flow generation for the regime by bringing in launderable funds," Proofpoint's Greg Lesnewich said.
News URL
https://thehackernews.com/2023/01/north-korean-hackers-turn-to-credential.html