Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article:

These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign against the Python development community has been running since at least August of 2023, when a number of popular open source Python tools were maliciously duplicated with added malware. Now, though, there are also attacks involving “coding tests” that only exist to get the end user to install hidden malware on their system (cleverly hidden with Base64 encoding) that allows remote execution once present. The capacity for exploitation at that point is pretty much unlimited, due to the flexibility of Python and how it interacts with the underlying OS.
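A defender-side check for the pattern described above (a Base64 decode step feeding straight into code execution), as an added example that is not from the article or any vendor tool: it parses a Python file with the standard `ast` module and flags calls to exec/eval/compile whose arguments contain a base64-family decode call or a long base64-looking literal. The "coding test" source below is constructed for the example; the decoded string is a harmless placeholder.

```python
import ast
import re

# Constructed sample of a "coding test" file: an innocuous function followed by a
# base64 blob fed straight into exec(). The payload is a harmless placeholder.
SAMPLE_SOURCE = '''
import base64

def add(a, b):
    return a + b

payload = "cHJpbnQoJ2hpJyk="  # constructed placeholder, decodes to print('hi')
exec(base64.b64decode(payload).decode())
'''

# Sinks that turn data into running code, and decoders often used to hide that data.
DANGEROUS_SINKS = {"exec", "eval", "compile"}
DECODERS = {"b64decode", "standard_b64decode", "urlsafe_b64decode",
            "b32decode", "b16decode", "b85decode", "a85decode"}
# A long run of base64 alphabet characters with no spaces is suspicious as a code source.
B64_RE = re.compile(r"^[A-Za-z0-9+/=]{40,}$")


def _call_name(node):
    """Return the bare function name of a Call node: exec(...) or base64.b64decode(...)."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None


def _is_decoder_or_blob(arg):
    """True if the argument subtree decodes something or is a long base64-looking string."""
    for sub in ast.walk(arg):
        if isinstance(sub, ast.Call) and _call_name(sub) in DECODERS:
            return True
        if isinstance(sub, ast.Constant) and isinstance(sub.value, str) and B64_RE.match(sub.value):
            return True
    return False


def scan_source(source):
    """Return (line, sink) pairs where exec/eval/compile consume decoded or base64-looking data."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and _call_name(node) in DANGEROUS_SINKS:
            if any(_is_decoder_or_blob(arg) for arg in node.args):
                findings.append((node.lineno, _call_name(node)))
    return findings


if __name__ == "__main__":
    for line, sink in scan_source(SAMPLE_SOURCE):
        print(f"line {line}: {sink}() fed by decoded/base64-looking data")
```

Run it over every `.py` file in a repository received as a "take-home test" before executing anything; a hit is a reason to inspect the file, not proof of malware, since build scripts occasionally decode embedded assets legitimately.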

In episode 14 of "The AI Fix", Graham makes an apology, Mark wonders if suicide drones have second thoughts, people pretend to be robots, and some researchers prove that all you need for an AI to generate a somewhat usable version of the computer game Doom out of thin air is to already have a fully-working copy of the computer game Doom. Graham learns how to escape from a police sniffer elephant, an AI generates a smell with no odour, and Mark explains why the world's best LLMs think there are two Rs in "strawberry". All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.

APT45, a cyber threat group associated with North Korea’s Reconnaissance General Bureau, known by aliases such as Stonefly, Silent Chollima, Nickel Hyatt, Andariel, and Onyx Sleet, has recently shifted its focus from cyber espionage to spreading ransomware. The group has been observed targeting organizations in South Korea, Japan, and the United States.

Security researchers from Google’s Mandiant have analyzed the group’s activities and found them deploying Shattered Glass Ransomware. This ransomware variant was last detected between June 2021 and June 2022 by Kaspersky.

Previously, APT45 had concentrated on stealing healthcare and crop science information from research and development institutions linked to various governments worldwide.

North Korea, under Kim Jong Un’s leadership, has historically conducted cyber attacks targeting cryptocurrency companies to steal digital assets and gather intelligence for resale to interested parties. The recent shift towards ransomware may be motivated by the potential for substantial financial gains to fund North Korea’s nuclear ambitions.

The discovery of APT45’s new tactics coincided with KnowBe4’s revelation that it had been targeted by a North Korean cyber crime group. The group attempted to infiltrate KnowBe4’s development network by planting a fake employee with a fabricated identity. KnowBe4’s robust administrative and security measures prevented the infiltration before any intelligence could be extracted from their servers or malware could be deployed on their network.

Remember, paying a ransom does not guarantee a decryption key, and it sharply increases the risk of a repeat attack, since criminals often hit the same network several times in a year by exploiting the same vulnerability. Furthermore, it gives threat actors confidence that their malicious motives will surely be rewarded.

The post Ransomware shift from Cyber Espionage for North Korea appeared first on Cybersecurity Insiders.

Microsoft gets itself into a pickle with a privacy-popping new feature on its CoPilot+ PCs, the FTC warns of impersonated companies, and is your company hiring North Korean IT workers? All this and much, much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by author, journalist, and podcaster Geoff White.

North Korea, under the leadership of Kim Jong-un, faces stringent sanctions from Western nations, exacerbating the nation’s dire shortage of semiconductor equipment crucial for its nuclear, satellite, and intelligence operations.

In response to this scarcity, North Korea has intensified its espionage and cyber-attacks, particularly targeting companies in South Korea manufacturing semiconductor equipment. These attacks aim to pilfer sensitive information, including product designs, facility photographs, and operational details, to fulfill its technological requirements.

The National Intelligence Service of South Korea has issued a statement revealing North Korea’s intentions to escalate such cyber operations against domestic and international firms. The ultimate goal is to acquire technical knowledge from the semiconductor manufacturing sector to advance its own capabilities, particularly in developing satellites, missiles, and other weaponry, while minimizing costs.

Confirmed reports indicate that these cyber-attacks have primarily targeted South Korean entities. State-sponsored hackers from North Korea are adept at identifying and exploiting vulnerabilities in networks, swiftly exfiltrating valuable data to their home servers. Subsequently, qualified personnel are tasked with reverse engineering the stolen designs and products, making subtle modifications to avoid potential allegations of counterfeiting.

Notably, North Korean hackers employ sophisticated techniques like “Living off the Land,” enabling them to embed malicious code into servers, evading detection by conventional security software.

In response to North Korea’s belligerence, Seoul, in collaboration with North American allies, has initiated military drills to demonstrate preparedness in countering any potential aggression from the Kim Jong-un regime. The United States Forces Korea and South Korea’s Defense Ministry have jointly confirmed these exercises, emphasizing their role in deterring North Korea’s nuclear threats.

This proactive stance comes in the wake of North Korea’s decision to suspend the delivery of missiles and arms to Russia, intended for potential deployment against Ukraine starting May 2024.

The post North Korea launches cyber-attacks on Semiconductor industry appeared first on Cybersecurity Insiders.

Recent estimates suggest that North Korea has amassed approximately $3 billion through a series of ransomware attacks targeting businesses and other cyber-attacks on cryptocurrency trading platforms. These illicit gains are believed to be directed towards supporting Kim Jong Un’s nuclear ambitions.

A UN report, corroborated by Reuters News Agency, indicates that the Democratic People’s Republic of Korea has engaged in the theft of cryptocurrency and proceeds from ransom payments, channeling these funds into the development of its nuclear infrastructure.

Under mounting sanctions from nations like the UK and the USA, the North Korean regime appears to be intensifying its cyber warfare efforts. It is projected to expand its range of attack vectors in order to double its earnings over the next two years, with purported agreements in place with nations led by Putin and Xi Jinping.

In response to these revelations, the UK’s GCHQ arm, NCSC, has issued a cautionary advisory to Western nations, urging them to reinforce their critical infrastructure. Concerns have been raised regarding espionage activities, such as the planting of malware (as seen in the Volt Typhoon campaign) within critical infrastructure components supplied by certain Asian nations, notably China. This infiltration reportedly dates back to 2017, during Boris Johnson’s tenure as Prime Minister.

Additionally, the US law enforcement, under the leadership of President Joe Biden, has intensified its pursuit of the Hive Ransomware group. The State Department has recently announced a formal reward of up to $10 million for individuals providing actionable intelligence on key leaders associated with the Hive Ransomware operations.

Although the FBI had partially dismantled Hive’s computer network in July 2022, the criminal group managed to resume its activities from October 2023 onwards, targeting victims across more than 80 countries. The FBI aims to disrupt these operations and is offering substantial rewards for information leading to the apprehension of the perpetrators, ensuring anonymity and confidentiality for informants.

The post North Korea raked $3 billion from Ransomware and US offers $10m for Hive appeared first on Cybersecurity Insiders.