Tag Archive for: north

North Korea and Iran using AI for hacking, Microsoft says | Hacking

/in


US adversaries – chiefly Iran and North Korea, and to a lesser extent Russia and China – are beginning to use generative artificial intelligence to mount or organize offensive cyber operations, Microsoft said on Wednesday.

Microsoft said it detected and disrupted, in collaboration with business partner OpenAI, many threats that used or attempted to exploit AI technology they had developed.

In a blogpost, the company said the techniques were “early-stage” and neither “particularly novel or unique” but that it was important to expose them publicly as US rivals leveraging large-language models to expand their ability to breach networks and conduct influence operations.

Cybersecurity firms have long used machine-learning on defense, principally to detect anomalous behavior in networks. But criminals and offensive hackers use it as well, and the introduction of large-language models led by OpenAI’s ChatGPT upped that game of cat-and-mouse.

Microsoft has invested billions of dollars in OpenAI, and Wednesday’s announcement coincided with its release of a report noting that generative AI is expected to enhance malicious social engineering, leading to more sophisticated deepfakes and voice cloning. A threat to democracy in a year where over 50 countries will conduct elections, magnifying disinformation and already occurring,

Microsoft provided some examples. In each case it said all generative AI accounts and assets of the named groups were disabled:

The North Korean cyber-espionage group known as Kimsuky has used the models to research foreign thinktanks that study the country, and to generate content likely to be used in spear-phishing hacking campaigns.

Iran’s Revolutionary Guard has used large-language models to assist in social engineering, in troubleshooting software errors and even in studying how intruders might evade detection in a compromised network. That includes generating phishing emails “including one pretending to come from an international development agency and another attempting to lure prominent feminists to an attacker-built website on feminism”. The AI helps accelerate and boost the email production.

The Russian GRU military intelligence unit known…

Source…

Water services giant Veolia says ransomware attack impacted its North American backend systems – TEISS

/in



Water services giant Veolia says ransomware attack impacted its North American backend systems  TEISS

Source…

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

/in


Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

Pierluigi Paganini
January 06, 2024

Researchers discovered a macOS backdoor, called SpectralBlur, which shows similarities with a North Korean APT’s malware family.

Security researcher Greg Lesnewich discovered a backdoor, called SpectralBlur, that targets Apple macOS. The backdoor shows similarities with the malware family KANDYKORN (aka SockRacket), which was attributed to the North Korea-linked Lazarus sub-group known as BlueNoroff (aka TA444).

KandyKorn is an advanced implant with a variety of capabilities to monitor, interact with, and avoid detection. It utilizes reflective loading, a direct-memory form of execution that may bypass detections,” notes Elastic Security, which identified and analyzed the threat.” reads the report published by Elastic.

SpectralBlur is not a sophisticated malware, it supports ordinary backdoor capabilities, including uploading/downloading files, running a shell, updating its configuration, deleting files, hibernating or sleeping, based on commands issued from the C2.

“TA444 keeps running fast and furious with these new MacOS malware families. Looking for similar strings lead us to link SpectralBlur and KandyKorn (which were further linked to TA444 after more samples turned up, and eventually, a phishing campaign hit our visibility that pulled down KandyKorn).” concludes Lesnewich. “So knowing your Macho stuff will help track emerging DPRK capability if that is your interest!”

The latest discovery confirms the great interest of North Korea-linked threat actors in developing macOS malware to employ in targeted attacks.

In November 2023, researchers from Jamf Threat Labs discovered a new macOS malware strain dubbed ObjCShellz and attributed it to North Korea-linked APT BlueNoroff.

The experts noticed that the ObjCShellz malware shares similarities with the RustBucket malware campaign associated with the BlueNoroff APT group.

In July 2023, researchers from the Elastic Security Labs spotted a new variant of the RustBucket Apple macOS malware. In April, the security firm Jamf observed the North Korea-linked BlueNoroff APT group using a…

Source…

US, partners target North Korea with sanctions following satellite launch

/in


WASHINGTON/SEOUL (Reuters) -The United States on Thursday targeted North Korea with fresh sanctions after its launch of a spy satellite last week, designating foreign-based agents it accused of facilitating sanctions evasion to gather revenue and technology for its weapons of mass destruction program.

The U.S. Treasury Department in a statement said it also applied sanctions to cyber espionage group Kimsuky, accusing it of gathering intelligence to support North Korea’s strategic and nuclear ambitions.

Thursday’s action, taken in coordination with Australia, Japan and Korea, comes after North Korea last week successfully launched its first reconnaissance satellite, which it has said was designed to monitor U.S. and South Korean military movements.

“Today’s actions by the United States, Australia, Japan, and the Republic of Korea reflect our collective commitment to contesting Pyongyang’s illicit and destabilizing activities,” Treasury’s Under Secretary for Terrorism and Financial Intelligence, Brian Nelson, said in the statement.

“We will remain focused on targeting these key nodes in the DPRK’s illicit revenue generation and weapons proliferation,” Nelson added, calling North Korea by the initials of its official name, the Democratic People’s Republic of Korea.

South Korea’s foreign ministry said on Friday that it had blacklisted 11 North Koreans for involvement in the country’s satellite and ballistic missile development, banning them from any financial transactions.

The list includes senior officials from the National Aerospace Technology Administration, which oversaw the satellite launch, and the munitions industry department.

North Korea’s mission to the United Nations in New York did not immediately respond to a request for comment on Thursday’s sanctions.

Since the launch of the satellite, North Korea said that its leader, Kim Jong Un, has reviewed spy satellite photos of the White House, Pentagon and U.S. aircraft carriers at the naval base of Norfolk. Its state media has also reported that the satellite photographed cities and military bases in South Korea, Guam, and Italy, in addition to Washington.

On Monday, the United Nations ambassadors of the United States and North Korea…

Source…