North Korean Hackers Turn to Credential Harvesting in Latest Wave of Cyberattacks
2023-01-25 10:41

A North Korean nation-state group notorious for crypto heists has been linked to a new wave of malicious email attacks as part of a "sprawling" credential harvesting activity targeting a number of industry verticals, marking a significant shift in its strategy.

The state-aligned threat actor is being tracked by Proofpoint under the name TA444, and by the larger cybersecurity community as APT38, BlueNoroff, Copernicium, and Stardust Chollima.

TA444 is "utilizing a wider variety of delivery methods and payloads alongside blockchain-related lures, fake job opportunities at prestigious firms, and salary adjustments to ensnare victims," the enterprise security firm said in a report shared with The Hacker News.

The experimentation aside, TA444 has also been observed expanding the functionality of CageyChameleon to further aid in victim-profiling, while also maintaining a wide arsenal of post-exploitation tools to facilitate theft.

"In 2022, TA444 took its focus on cryptocurrencies to a new level and has taken to mimicking the cybercrime ecosystem by testing a variety of infection chains to help expand its revenue streams," Proofpoint said.

"With a startup mentality and a passion for cryptocurrency, TA444 spearheads North Korea's cash flow generation for the regime by bringing in launderable funds," Proofpoint's Greg Lesnewich said.


News URL

https://thehackernews.com/2023/01/north-korean-hackers-turn-to-credential.html