
(LEAD) Chinese hackers attack 12 S. Korean academic institutions: KISA



SEOUL, Jan. 25 (Yonhap) — South Korea’s internet safety watchdog said Wednesday a Chinese hacking group has launched a cyberattack against 12 South Korean academic institutions.

The Korea Internet & Security Agency (KISA) said the attackers hacked into the websites of 12 institutions on Sunday, including some departments of Jeju University and the Korea National University of Education.

Most of the 12 websites, including that of the Korea Research Institute for Construction Policy, were still unavailable for access as of 10 a.m. Wednesday.

KISA said the Chinese hacking group had warned of a cyberattack against multiple S. Korean agencies, including KISA.

But the internet watchdog’s site was not affected, it said.

The Chinese hacking group, identifying itself as the Cyber Security Team, claimed it had successfully compromised the computer networks of 70 South Korean educational institutions around the Lunar New Year holiday that ran from Saturday to Tuesday.

The group also warned that it will disclose 54 gigabytes of data it claimed to have stolen from South Korea’s government and public institutions.

The Ministry of Science and ICT asked government agencies and individuals to stay vigilant against rising hacking threats.

Science Minister Lee Jong-ho visited the Korea Internet Security Center on Tuesday to check on the security posture against possible cyberattacks.


Source…

North Korean hacking outfit impersonating venture capital firms


A financially-motivated hacking group tied to North Korea has been impersonating venture capital firms in Japan, the United States and other countries in an effort to spearphish startup employees and related businesses, according to new research.

In a report released Tuesday, security researchers at Kaspersky said the group – tracked as “BlueNoroff” by Kaspersky and “HiddenCobra” by others – registered at least 70 web domains over the last year mimicking the websites of real venture capital firms in Japan and other financial institutions. The sites function as phishing lures to deliver malware, and Kaspersky believes that startup employees are among the targeted victims, as several decoy documents were crafted to look like job offers.

“The actor usually used fake domains such as cloud hosting services for hosting malicious documents or payloads. They also created fake domains disguised as legitimate companies in the financial industry and investment companies,” wrote Seongsu Park, lead security researcher at Kaspersky.

The group appears primarily interested in Japanese businesses, targeting local venture capital firms like Beyond Next Ventures, Z Venture Capital and ABF Capital. They also impersonated a Taiwanese venture capital fund as well as financial institutions like Bank of America, the Sumitomo Mitsui Banking Corporation and the Mitsubishi UFJ Financial Group.

A partial list of spoofed websites registered by BlueNoroff. (Image credit: Kaspersky)

Kaspersky places BlueNoroff as part of Lazarus Group – an umbrella term security researchers use to describe a loose network of financial and espionage-focused hacking teams who generally work on behalf of the North Korean government. The group has more recently focused on hacking cryptocurrency startups with similar impersonation tactics, but it is perhaps best known for making off with more than $81 million in 2016 after compromising Bangladesh Bank’s access to the SWIFT payment network and issuing fraudulent transfer orders.

Kaspersky also identified a number of new malware delivery techniques employed by the group. In September, telemetry collected by the cybersecurity firm turned up evidence that the group was experimenting with a variety of new file types…

Source…

North Korean hackers exploited Internet Explorer zero-day to spread malware


North Korean state-sponsored hackers exploited a zero-day vulnerability in Internet Explorer to target South Korean users with malware, according to Google’s Threat Analysis Group.

Google researchers first discovered the zero-day flaw on October 31 when multiple individuals uploaded a malicious Microsoft Office document to the company’s VirusTotal tool. These documents purported to be government reports related to the Itaewon tragedy, a crowd crush that occurred during Halloween festivities in the Itaewon neighborhood of Seoul. At least 158 people were killed and 196 others were injured.

“This incident was widely reported on, and the lure takes advantage of widespread public interest in the accident,” Google TAG’s Clement Lecigne and Benoit Stevens said on Wednesday.

The malicious documents were designed to exploit a zero-day vulnerability in Internet Explorer’s JScript engine (jscript9.dll), tracked as CVE-2022-41128 with a CVSS severity rating of 8.8. Once opened, the document would download a rich text file (RTF) remote template, which in turn fetched remote HTML that Office rendered with the Internet Explorer engine; the JavaScript in that HTML triggered the bug and delivered a payload that Google was not able to recover. The document first requires the victim to disable Protected View before the remote template is downloaded, so the exploit never fires on a file that is only previewed. Although Internet Explorer was officially retired in June and replaced by Microsoft Edge, Office still uses the IE engine to render HTML, which is what makes the attack possible.

“This technique has been widely used to distribute IE exploits via Office files since 2017,” Lecigne and Stevens said. “Delivering IE exploits via this vector has the advantage of not requiring the target to use Internet Explorer as its default browser.”

The researchers added that Google reported the vulnerability to Microsoft on October 31 before it was fixed a week later as part of Microsoft’s November 2022 Patch Tuesday security updates.

Google has attributed the activity to a North Korean-backed hacking group known as APT37, which has been active since at least 2012 and has been previously observed exploiting zero-day flaws to target South Korean users, North Korean defectors, policymakers, journalists and human rights activists. Cybersecurity company FireEye previously said it assessed with “high confidence” that APT37 activity is carried out on behalf of the North…

Source…

North Korean hackers offer fake jobs to distribute malware


Lazarus, a state-sponsored hacker group based in North Korea, is now distributing trojanized open-source software under the cover of fake job offers in order to spread malware, says Microsoft.

The well-known group of hackers is targeting many key industry sectors, such as technology, media and entertainment, and defense, and it is weaponizing a range of widely used open-source applications to carry out these attacks.

An image describing how the hacker group ZINC operates. (Image credit: Microsoft)

The next time you get a message on LinkedIn, you should be careful. Microsoft warns that the North Korea-based threat group has been actively using trojanized builds of open-source software to attack industry professionals. Microsoft has determined that these social engineering attacks started in late April and continued until at least mid-September.

Lazarus, also referred to as ZINC, Labyrinth Chollima, and Black Artemis, is a state-sponsored military hacking group from North Korea. It’s said that it has been active since at least 2009, and since then it’s been responsible for a variety of large attacks, including phishing, ransomware campaigns, and more.

The group has been creating fake LinkedIn recruiter profiles and approaching suitable candidates with job offers at legitimate, existing companies. “Targets received outreach tailored to their profession or background and were encouraged to apply for an open position at one of several legitimate companies,” said Microsoft.

Once the victims were convinced to move the conversation from LinkedIn to WhatsApp, an end-to-end encrypted channel outside the reach of LinkedIn’s abuse monitoring, the hackers moved on to the next step. During the WhatsApp conversation, the targets received the trojanized software, which allowed Lazarus to deploy malware on their systems.

The end goal for the hackers was to steal sensitive information or obtain access to valuable networks. Aside from the malware — which was planted in trojanized builds of PuTTY, KiTTY, TightVNC, muPDF/Subliminal Recording, and Sumatra PDF Reader — the attacks were well-engineered on the social side, too, with LinkedIn profiles and companies picked to match the victim’s profession.


As noted by Bleeping Computer, ZINC has also carried out similar attacks by using fake social media personas to distribute malware….

Source…