Tag Archive for: korea

North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academia, and Media


The Federal Bureau of Investigation (FBI), the U.S. Department of State, and the National Security Agency (NSA), together with the Republic of Korea’s National Intelligence Service (NIS), National Police Agency (NPA), and Ministry of Foreign Affairs (MOFA), are jointly issuing this advisory to highlight the use of social engineering by Democratic People’s Republic of Korea (DPRK a.k.a. North Korea) state-sponsored cyber actors to enable computer network exploitation (CNE) globally against individuals employed by research centers and think tanks, academic institutions, and news media organizations. These North Korean cyber actors are known to conduct spearphishing campaigns posing as real journalists, academics, or other individuals with credible links to North Korean policy circles. The DPRK employs social engineering to collect intelligence on geopolitical events, foreign policy strategies, and diplomatic efforts affecting its interests by gaining illicit access to the private documents, research, and communications of their targets.

North Korea’s cyber program provides the regime with broad intelligence collection and espionage capabilities. The Governments of the United States and the Republic of Korea (ROK a.k.a. South Korea) have observed sustained information-gathering efforts originating from these North Korean cyber actors. North Korea’s primary military intelligence organization, the Reconnaissance General Bureau (RGB), which has been sanctioned by the United Nations Security Council, is primarily responsible for this network of actors and activities.

We assess the primary goals of the DPRK regime’s cyber program include maintaining consistent access to current intelligence about the United States, South Korea, and other countries of interest to impede any political, military, or economic threat to the regime’s security and stability.

Currently, the U.S. and ROK Governments, and private sector cyber security companies, track a specific set of DPRK cyber actors conducting these large-scale social engineering campaigns as Kimsuky, Thallium, APT43, Velvet Chollima, and Black Banshee. Kimsuky is administratively subordinate to an element within North Korea’s…

Source…

North Korea using ransomware attacks on healthcare as revenue source, Feds say 


North Korean state-sponsored ransomware groups are targeting South Korean and U.S. healthcare organizations with Maui and H0lyGh0st ransomware as a way to raise revenue for the North Korean government, according to a Feb. 9 U.S. government cybersecurity advisory. 

The groups demand cryptocurrency ransoms and then use the funds for espionage cyber operations targeting the U.S. and South Korea. In July, the U.S. government recovered $500,000 that two hospitals paid as a ransom to North Korean hackers.

The Feb. 9 advisory updates a warning first issued in July 2022.

The Democratic People’s Republic of Korea often obfuscates its involvement in the ransomware attacks by working through a foreign third-party affiliate.

Source…

North Korea fires 2 missiles capable of reaching Japan in possible response to Tokyo’s new security strategy


SEOUL, South Korea (AP) — North Korea test-fired a pair of ballistic missiles with a potential range of striking Japan on Sunday, in a possible protest of Tokyo’s adoption of a new security strategy to push for more offensive footing against North Korea and China.

The launches came two days after the North claimed to have performed a key test needed to build a more mobile, powerful intercontinental ballistic missile designed to strike the U.S. mainland.

The two missiles traveled from the country’s northwest Tongchangri area about 500 kilometers (310 miles) at a maximum altitude of 550 kilometers (340 miles) before landing in the waters between the Korean Peninsula and Japan, according to the South Korean and Japanese governments.

South Korea’s military described both missiles as medium-range weapons that were launched at a steep angle, suggesting they could have traveled farther if fired at a standard trajectory. North Korea usually tests medium- and longer-range missiles at a high angle to avoid neighboring countries, though it fired an intermediate-range missile over Japan in October, forcing Tokyo to issue evacuation alerts and halt trains.

In an emergency meeting, top South Korean security officials deplored North Korea’s continued provocations, which they said came despite “the plight of its citizens moaning in hunger and cold due to a serious food shortage.” They said South Korea will boost trilateral security cooperation with the U.S. and Japan, according to South Korea’s presidential office.

Japanese Vice Defense Minister Toshiro Ino separately criticized North Korea for threatening the safety of Japan, the region and the international community. The U.S. Indo-Pacific Command said the launches highlight the destabilizing impact of North Korea’s unlawful weapons of mass destruction and ballistic missile programs. It said the U.S. commitments to the defense of South Korea and Japan “remain ironclad.”

Kwon Yong Soo, a former professor at Korea National Defense University in South Korea, said North Korea likely tested its Pukguksong-2 missile, a solid-fueled, land-based variant of its Pukguksong family of missiles that can be…

Source…

North Korea Reportedly Exploited Itaewon Tragedy in Hacking Attempt


Seoul, South Korea – North Korean hackers exploited public interest in October’s tragic Itaewon crowd surge to target South Koreans with malware, Google cybersecurity researchers said Wednesday.

The North Korean hackers distributed a corrupted Microsoft Word document that appeared to be an official press release from South Korea’s Ministry of Interior and Safety, according to a blog post by Google’s Threat Analysis Group, which focuses on government-backed cyber-attacks.

Once opened, the document would download another file that would attempt to deploy malware onto the user’s device.

The document exploited a previously unknown flaw in the Internet Explorer web browser, a so-called zero-day vulnerability, the Google blog post said. A zero-day is a flaw the vendor has not yet patched, so defenders have had “zero days” to prepare for attacks that use it; a Word document can reach Internet Explorer at all because Office uses the browser’s engine to render HTML content embedded in or fetched by documents.
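The page says only that the document “would download another file”; it does not say which Word feature did the fetching. One common mechanism for that behaviour is an external relationship inside the .docx package (for example an attached template pointing at a URL), which Word resolves automatically when the file is opened. The following added example, not code from Google or from the original article, builds a constructed minimal .docx in memory with such a relationship and then scans the package for every external target, separating relationships Word fetches on open from ordinary hyperlinks that only fire on click. The URL, part names and sample document are constructed for illustration.

```python
"""Triage a .docx for external (URL) relationships that Word resolves on open.

Added example. The sample document, its URL and the risk classification are
assumptions for illustration; they are not taken from the Google TAG report.
"""
import io
import zipfile
from typing import Optional
from xml.etree import ElementTree as ET

PKG_REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
DOC_REL_BASE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

# Relationship types Word follows automatically when the document is opened.
# Hyperlinks are also External but are only resolved when the user clicks them.
AUTO_FETCH_TYPES = {"attachedTemplate", "oleObject", "subDocument", "frame"}


def external_relationships(docx_bytes: bytes) -> list:
    """Walk every *.rels part in the OOXML zip and return one dict per
    relationship whose TargetMode is External (a URL rather than a zip entry)."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for part in z.namelist():
            if not part.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(part))
            for rel in root.iter(f"{{{PKG_REL_NS}}}Relationship"):
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                found.append({
                    "part": part,
                    "type": rel_type,
                    "target": rel.get("Target", ""),
                    "auto_fetch": rel_type in AUTO_FETCH_TYPES,
                })
    return found


def triage(docx_bytes: bytes) -> list:
    """Only the external relationships Word resolves without user interaction."""
    return [rel for rel in external_relationships(docx_bytes) if rel["auto_fetch"]]


def build_sample_docx(template_url: Optional[str]) -> bytes:
    """Constructed minimal package (not a real-world sample). With template_url
    set, word/_rels/settings.xml.rels carries an External attachedTemplate
    relationship, i.e. a remote template Word fetches on open."""
    w_ns = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
    r_ns = DOC_REL_BASE.rstrip("/")
    parts = {
        "[Content_Types].xml": (
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/>'
            '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
            '<Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/>'
            "</Types>"
        ),
        "_rels/.rels": (
            f'<Relationships xmlns="{PKG_REL_NS}">'
            f'<Relationship Id="rId1" Type="{DOC_REL_BASE}officeDocument" Target="word/document.xml"/>'
            "</Relationships>"
        ),
        "word/document.xml": (
            f'<w:document xmlns:w="{w_ns}"><w:body><w:p><w:r><w:t>Press release</w:t>'
            "</w:r></w:p></w:body></w:document>"
        ),
        # A benign on-click hyperlink: External, but not fetched automatically.
        "word/_rels/document.xml.rels": (
            f'<Relationships xmlns="{PKG_REL_NS}">'
            f'<Relationship Id="rId1" Type="{DOC_REL_BASE}settings" Target="settings.xml"/>'
            f'<Relationship Id="rId2" Type="{DOC_REL_BASE}hyperlink" Target="https://example.invalid/" TargetMode="External"/>'
            "</Relationships>"
        ),
        "word/settings.xml": (
            f'<w:settings xmlns:w="{w_ns}" xmlns:r="{r_ns}">'
            + ('<w:attachedTemplate r:id="rId1"/>' if template_url else "")
            + "</w:settings>"
        ),
    }
    if template_url:  # assumed URL, contains no characters needing XML escaping
        parts["word/_rels/settings.xml.rels"] = (
            f'<Relationships xmlns="{PKG_REL_NS}">'
            f'<Relationship Id="rId1" Type="{DOC_REL_BASE}attachedTemplate" '
            f'Target="{template_url}" TargetMode="External"/>'
            "</Relationships>"
        )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()


if __name__ == "__main__":
    lure = build_sample_docx("http://template-host.invalid/notice.dotm")
    for rel in external_relationships(lure):
        flag = "AUTO-FETCH" if rel["auto_fetch"] else "on-click"
        print(f"{flag:10} {rel['type']:16} {rel['part']} -> {rel['target']}")
```

Run against a real file with `external_relationships(open(path, "rb").read())`. The check is deliberately coarse: a document with no external relationships can still reach out through macros, fields or embedded objects, so this is a first-pass triage step, not proof that a document is safe, and a document that trips it should be detonated in a sandbox rather than opened.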

‘We attribute this activity to a group of North Korean government-backed actors known as APT37,’ Google added, saying the group has previously carried out similar attacks.

At least 158 people died in the crowd surge, which occurred when Halloween partygoers became stuck in a narrow alley in Seoul’s Itaewon neighborhood on October 29.


North Korea’s government never offered condolences in the incident. Instead, North Korea fired an unprecedented barrage of missiles, including some that landed near South Korea’s coast, during the South’s period of national mourning.


Google did not specify how the North Korean hackers distributed the corrupted document, who received it or how many devices may have been affected.

Google said it became aware of the North Korean malware in late October after multiple users from South Korea uploaded the document to the company’s VirusTotal tool, which analyzes suspicious files.

Within hours of discovering the hacking attempt, Google reported it to Microsoft, which sent out security updates about a week later to protect users from the attack, Google said.

‘This is not the first time APT37 has used Internet Explorer 0-day exploits to target users,’ Google said. ‘The group has historically focused their targeting on South…

Source…