Security News
North Korean hacking group Thallium has targeted users of a private stock investment messenger service in a software supply chain attack, according to a report published this week. Attackers alter the installer of a stock investment app.
North Korean nation-state hackers tracked as the Lazarus Group have recently compromised organizations involved in COVID-19 research and vaccine development. After slithering into their network, the North Korean state hackers deployed Bookcode and wAgent malware with backdoor capabilities.
Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts. Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a government ministry in September and October leveraging different tools and techniques but exhibiting similarities in the post-exploitation process, leading the researchers to connect the two attacks to the North Korean government-linked hackers.
The North Korea-linked threat actor known as Lazarus was recently observed launching cyberattacks against two entities involved in COVID-19 research. Active since at least 2009 and believed to be backed by the North Korean government, Lazarus is said to have orchestrated some high-profile attacks, including the WannaCry outbreak.
Microsoft said it has detected attempts by state-backed Russian and North Korean hackers to steal valuable data from leading pharmaceutical companies and vaccine researchers. Microsoft said most of the targets - located in Canada, France, India, South Korea and the United States - were "Directly involved in researching vaccines and treatments for COVID-19." It did not name the targets but said most had vaccine candidates in various stages of clinical trials.
The attacks, which targeted IP-addresses belonging to internet service providers in Australia, Israel, Russia, and defense contractors based in Russia and India, involved a previously undiscovered spyware tool called Torisma to stealthily monitor its victims for continued exploitation. Tracked under the codename of "Operation North Star" by McAfee researchers, initial findings into the campaign in July revealed the use of social media sites, spear-phishing, and weaponized documents with fake job offers to trick employees working in the defense sector to gain a foothold on their organizations' networks.
A week after the US government issued an advisory about a "Global intelligence gathering mission" operated by North Korean state-sponsored hackers, new findings have emerged about the threat group's spyware capabilities. The APT - dubbed "Kimsuky" and believed to be active as early as 2012 - has been now linked to as many as three hitherto undocumented malware, including an information stealer, a tool equipped with malware anti-analysis features, and a new server infrastructure with significant overlaps to its older espionage framework.
North Korea-linked threat actor Kimsuky was recently observed using brand new malware in attacks on government agencies and human rights activists, Cybereason's security researchers say. In a newly published report, Cybereason's Nocturnus team provides details on two new malware families associated with Kimsuky, namely a previously undocumented modular spyware called KGH SPY, and a new malware downloader called CSPY Downloader.
An alert released by the United States this week provides information on Kimsuky, a threat actor focused on gathering intelligence on behalf of the North Korean government. The malicious cyber activity associated with the North Korean government is typically referred to as HIDDEN COBRA by the United States.
Security researchers with Intel 471 have identified connections between cyber-activities attributed to North Korean hackers and those of Russian cybercriminals. In a report published today, Intel 471 says malware that only the North Korean hackers use "Was very likely delivered via network accesses held by Russian-speaking cybercriminals."