North Korean Hackers Turn to Credential Harvesting in Latest Wave of Cyberattacks
A North Korean nation-state group notorious for crypto heists has been linked to a new wave of malicious email attacks as part of a "sprawling" credential harvesting activity targeting a number of industry verticals, marking a significant shift in its strategy.
The state-aligned threat actor is being tracked by Proofpoint under the name TA444, and by the larger cybersecurity community as APT38, BlueNoroff, Copernicium, and Stardust Chollima.
TA444 is "utilizing a wider variety of delivery methods and payloads alongside blockchain-related lures, fake job opportunities at prestigious firms, and salary adjustments to ensnare victims," the enterprise security firm said in a report shared with The Hacker News.
The experimentation aside, TA444 has also been observed expanding the functionality of CageyChameleon to further aid in victim-profiling, while also maintaining a wide arsenal of post-exploitation tools to facilitate theft.
"In 2022, TA444 took its focus on cryptocurrencies to a new level and has taken to mimicking the cybercrime ecosystem by testing a variety of infection chains to help expand its revenue streams," Proofpoint said.
"With a startup mentality and a passion for cryptocurrency, TA444 spearheads North Korea's cash flow generation for the regime by bringing in launderable funds," Proofpoint's Greg Lesnewich said.
News URL
https://thehackernews.com/2023/01/north-korean-hackers-turn-to-credential.html