‘No Pineapple’ Hacking Campaign Reveals North Korean Toolkit


Cybercrime, Cyberwarfare / Nation-State Attacks, Endpoint Security

Espionage Campaign Bore Telltale Signs of Pyongyang – And a Major OPSEC Failure


A threat intelligence firm spotted North Korean hackers engaged in technological espionage in a campaign that betrayed recurring elements of the Pyongyang hacking toolkit.


Cybersecurity firm WithSecure says it detected a campaign targeting the medical research and energy sectors that came to its attention after endpoint detection scans showed a Cobalt Strike beacon on a customer’s servers connecting to known threat actor IP addresses.

Researchers from the Finnish company dub the campaign “No Pineapple,” taking the name from the apparently fruit-loving software developer of a remote access Trojan called acres.exe deployed by the hackers. The tool truncates data exfiltration messages greater than 1,024 bytes with the message “No Pineapple!”

Many campaign indicators point to North Korea and possibly to the government hacking unit Mandiant identifies as Bureau 325. Attribution to North Korean hackers often occurs under the catchall rubric of Lazarus Group, but Mandiant argues that different cyber units specialize in different types of operations despite nearly all North Korean cyber activity…
