Tag Archive for: Korean

North Korean hackers are ‘the world’s leading bank robbers,’ U.S. charges


It also incorporates earlier allegations about North Korea’s role in the massive Sony hack, which allegedly retaliated for the studio’s release of a satirical film about leader Kim Jong Un, and the WannaCry ransomware outbreak, which infected networks in 150 countries and may have caused as much as $4 billion in losses.

“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading 21st century nation-state bank robbers,” John Demers, the assistant attorney general for national security, told reporters during a press call.

In a second announcement on Wednesday, the U.S. charged a Canadian man, Ghaleb Alaumary, with helping North Korea launder money stolen through criminal schemes such as those contained in the new indictment. Alaumary, who already faces separate cybercrime charges in Georgia, is in U.S. custody and has pleaded guilty to the newly announced charges.

According to the North Korean indictment, from 2015 to 2019, the three hackers and their co-conspirators tried to steal money from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta and elsewhere by hacking into their networks and generating fraudulent transfers through a global financial platform. One of these intrusions, into the Bank of Bangladesh, netted them a record $81 million.

The hackers also stole approximately $112 million from cryptocurrency companies after infecting them with malware by tricking them into downloading fake trading applications, prosecutors alleged. On Wednesday, the FBI, the Treasury Department and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency released a technical report about those applications.

“In most instances, the malicious application — seen on both Windows and Mac operating systems — appears to be from a legitimate cryptocurrency trading company, thus fooling individuals into downloading it as a third-party application from a website that seems legitimate,” the agencies said.

Prosecutors have obtained warrants to seize and return $1.8 million of the stolen cryptocurrency to a New York financial services firm, which they did not…

Source…

Google says North Korean state hackers are targeting security researchers on social media


  • Google believes that hackers in North Korea are pretending to be cybersecurity bloggers and targeting researchers in the field on social media platforms like Twitter and LinkedIn.
  • The search giant announced that its Threat Analysis Group has “identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations.”
  • It attributed the campaign to a government-backed entity based in North Korea.



Google believes that hackers in North Korea are pretending to be cybersecurity bloggers and targeting researchers in the field on social media platforms like Twitter and LinkedIn.

The search giant announced that its Threat Analysis Group has “identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations.”

It attributed the campaign to a government-backed entity based in North Korea. The nation’s cooperation office with South Korea did not immediately respond to CNBC’s request for comment.

Google said the actors have targeted specific security researchers with a “novel social engineering” technique, although it didn’t specify which researchers have been targeted.

Google’s Adam Weidemann said in a blog on Monday that the hackers set up a research blog and created multiple Twitter profiles to engage with security researchers.

The hackers used these accounts to post links to the blog and share videos of software exploits that they claimed to have found, Google said. 

They also used LinkedIn, Telegraph, Discord, Keybase and email to engage with security researchers, Google said.

“After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together,” wrote Weidemann.

The actors then shared a group of files with the researchers that contained malware — software that is intentionally designed to cause damage to a computer, server, client, or computer network.

Google listed several accounts and websites that it believes are controlled by the hackers. The list includes 10 Twitter profiles and five LinkedIn…

Source…

Vulnerability Researchers Hit by North Korean Hackers


Application Security, Containerization & Sandboxing, Cybercrime

Google Warns Social Engineering Attacks Have Been Backdooring Researchers’ Systems

Tweets used by attackers to demonstrate previous “exploits” they’d discovered (Source: Google)

North Korean hackers have been “targeting security researchers working on vulnerability research and development at different companies and organizations” to trick them into installing backdoored software.


So warns Google’s Threat Analysis Group in a Monday blog post detailing what it says is a months-long attack campaign that has already notched up multiple victims.


The campaign traces to “a government-backed entity based in North Korea,” which has used a variety of techniques to trick researchers, Google warns. “We hope this post will remind those in the security research community that they are targets to government-backed attackers and should remain vigilant when engaging with individuals they have not previously interacted…

Source…

Coronavirus Vaccine Makers Targeted By North Korean Hackers Who Wanted To Steal Information


KEY POINTS

  • Kimsuky hacker group targeted at least six drugmakers
  • The cyberattacks targeted companies developing COVID-19 treatment
  • Russian and North Korean hackers attacked AstraZeneca in November

A group of North Korean hackers has targeted half a dozen pharmaceutical companies in the United States, United Kingdom and South Korea in a coordinated cyberattack. 

Kimsuky, a notorious hacker group, targeted drugmakers working on potential coronavirus vaccines and treatments as part of an effort to steal sensitive information that could be sold or weaponized by the North Korean regime. 

Authorities said any stolen information could be used to extort victims or give foreign governments a strategic advantage. 

Since August, the hackers have worked to infiltrate U.S. companies Johnson & Johnson and Novavax Inc. The hackers also launched coordinated cyberattacks on South Korean companies Genexine Inc., Shin Poong Pharmaceutical Co. and Celltrion Inc., sources told the Wall Street Journal.

Both American drugmakers are working on experimental vaccines for the novel coronavirus, while the three South Korean pharmaceutical companies are holding early clinical trials of their COVID-19 drugs. 

The “Kimsuky” hackers create e-mail accounts that enable them to pose as colleagues or friends. The messages contain malicious attachments that, when clicked on, would allow hackers to penetrate the targets’ computer systems.

It is unclear whether the hackers have stolen crucial information from any of their target companies. 

The latest hacking attempt came a week after Kimsuky attempted to break into the systems of British biopharmaceutical company AstraZeneca, two people familiar with the incident told Reuters.

The hackers reportedly posed as recruiters on LinkedIn and WhatsApp, where they found and approached AstraZeneca employees with fake job offers. They then sent a document containing “more information about the job.” It was later discovered that the files contained malicious code designed to grant the hackers access to their targets’ computers.

The “Kimsuky” hackers targeted multiple employees, including people who were working on crucial coronavirus research. However, the…

Source…