Tag Archive for: north

Beware: North Korean Hackers Allegedly Have New Modus Operandi To Steal Your Crypto


KEY POINTS

  • Rogue actors allegedly backed by North Korea have stolen data from nearly 1,500 victims between March and October
  • The majority of the victims are from the private sector and 57 from incumbent or retired government officials
  • When the scam email was opened or the phishing link was clicked on, the victim’s computer would be infected with malware

The South Korean National Police Agency has warned people against North Korean malicious actors and hackers, who have been impersonating government agency officials and journalists to steal cryptocurrencies.

Rogue actors allegedly backed by the hermit country stole data from nearly 1,500 victims between March and October, the majority of whom were from the private sector; 57 were incumbent or retired government officials, local media reported, citing the South Korean National Police Agency.

Malicious actors pretended to be officials from South Korea’s National Pension Service, National Health Insurance, National Tax Service and National Police Agency to send phishing emails to recipients.

When the scam email was opened or the phishing link was clicked on, the victim’s computer would be infected with malware, following which the hackers would harvest data, including personal information.

Hackers also stole user IDs and profiles of 19 victims to access their cryptocurrency trading accounts, according to the police authorities, although they did not disclose the amount of crypto assets stolen by cybercriminals.

North Korea’s hacking efforts have grown in scale and scope in 2023, according to authorities, who said that “last year, they stripped virtual assets by distributing ransomware. That coerced victims to pay money and valuables to regain their property.” This year, however, malicious actors have become more aggressive in phishing, which has led the authorities to shut down 42 phishing websites.

It was reported earlier this month that North Korean hackers linked to the notorious Lazarus Group, which purportedly operates on behalf of North Korea, were impersonating blockchain engineers on Discord using social engineering techniques.

Victims reportedly download a malicious ZIP file, convinced they were…

Source…

North Korean Hacking Alert Sounded by UK and South Korea



Supply Chain Attacks: Hackers Target Zero-Days in Widely Used Software, Alert Warns


North Korean state-affiliated hackers are continuing to exploit zero-days in popular software applications as part of global supply chain attack campaigns for espionage and financial theft purposes, British and South Korean cyber agencies warned in an alert on Thursday.



In a joint alert, Britain’s National Cyber Security Centre and South Korea’s National Intelligence Service warned that Pyongyang-affiliated hackers are targeting victims by exploiting vulnerabilities in their third-party software applications and supply chains.


These campaigns further the North Korean regime’s priorities of “revenue generation, espionage and the theft of advanced technologies,” officials said.


“In an increasingly digital and interconnected world, software supply chain attacks can have profound, far-reaching consequences for impacted organizations,” said Paul Chichester, NCSC’s director of operations.


The report did not name any specific advanced persistent threat groups tied to these campaigns, although it does cite the recent attack against financial trading software developer 3CX as an example of these large-scale supply chain attacks. The Cyprus-based software vendor, whose…

Source…

North Tonawanda School District tightens computer system security after state audit


The North Tonawanda City School District has tightened protection of its computer network following an audit of its security procedures, according to a report from the State Comptroller’s Office.

“Most of the issues that were identified during the audit were addressed immediately,” School Superintendent Gregory J. Woytila wrote in response to the technology audit, which covered the period from July 1, 2022, to April 12, 2023. “These enhancements will be part of the corrective action plan drafted in response to the findings.”

Auditors discovered 246 unnecessary user accounts that were subsequently disabled. Fifty-five of them were non-student accounts assigned to previous district employees, contractors and interns. One of them had been assigned to a substitute teacher who left in 2019.

The audit also found 29 unnecessary shared user accounts, which were disabled, and learned that no one kept track of the accounts or had a policy for disabling them. Auditors said they were told that no policy had been developed because the district had not experienced a data leak or cyberattack in more than 20 years.

The audit additionally advised the district to develop an IT contingency plan so that employees could communicate and continue doing their jobs in case of a disruption.

Source…

New MacOS Malware Linked to North Korean Hackers


A new macOS malware, probably used by North Korean hackers to target crypto exchanges, has been found by security firm Jamf. The group behind the malware is thought to be the same group behind the recently reported KandyKorn malware.

In its report on KandyKorn, Kaspersky describes the group as ‘Lazarus’, an overarching term for North Korean hackers. Jamf describes this group as BlueNoroff, a specific group within Lazarus that is “financially motivated, frequently targeting cryptocurrency exchanges, venture capital firms, and banks.”

The new malware is tracked by Jamf as ObjCShellz and is believed to be part of what has been called the RustBucket campaign. The researchers suspect it is a late-stage component of a multi-stage malware attack. “It’s a rather simplistic remote shell,” explains Jaron Bradley, director of Jamf Threat Labs, “but effective.” It allows the attacker to deliver macOS instructions from a C2 server and collect the responses. The malware can do almost everything the user can do on the Mac, but in the background.

Jamf was not able to explore the attackers’ specific intentions for this malware, because the C2 server (located at ‘swissborg[.]blog’) was taken offline as soon as the researchers probed for more information. This is not unusual: attackers often stand down an IP to prevent investigation, only to stand it up again at some future date.

However, a possible alternative reason for taking the server offline is that the malware has already succeeded in its task. “Once they have finished the attack,” commented Bradley, “they take the server offline to prevent researchers gaining any extra insight into what is actually going on.”

The address of the C2 server is hardcoded within the malware. The malware could be reused as part of a different spear-phishing attack simply by changing the C2 link to a different lookalike domain name.

A slightly unusual feature is evident in this malware: it logs the victim server’s responses to the malware commands – both successes and failures. “The choice to log these activities is intriguing, as attackers crafting sophisticated malware typically omit any statements that might leave…

Source…