Security News > 2023 > March > North Korean hackers using Chrome extensions to steal Gmail emails
A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution and the National Intelligence Service of the Republic of Korea warn about Kimsuky's use of Chrome extensions to steal target's Gmail emails.
Kimsuky is a North Korean threat group that uses spear phishing to conduct cyber-espionage against diplomats, journalists, government agencies, university professors, and politicians.
The extension is named 'AF' and can only be seen in the extensions list if the user enters "(chrome|edge| brave)://extensions" in the browser's address bar.
Once the victim visits Gmail through the infected browser, the extension automatically activates to intercept and steal the victim's email content.
This is not the first time Kimsuky has used malicious Chrome extensions to steal emails from breached systems.
In July 2022, Volexity reported about a similar campaign using an extension named "SHARPEXT." In December 2018, Netscout reported that Kimsuky was following the same tactic against academia targets.
News URL
Related news
- Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (source)
- North Korean hackers linked to $1.5 billion ByBit crypto heist (source)
- OpenAI bans ChatGPT accounts used by North Korean hackers (source)
- North Korean Hackers Steal $1.5B in Cryptocurrency (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)