
How a North Korean suspect is linked to cyberattack campaigns


Last Updated on 23/11/2021 by Nidhi Khandelwal

A North Korean-connected threat actor has been linked to a wave of credential theft campaigns aimed at research, education, government, media, and other organisations, with two of the attacks also attempting to spread malware that may be used for intelligence gathering.

Enterprise security firm Proofpoint attributed the intrusions to a group it tracks as TA406, which the wider threat intelligence community tracks under the names Kimsuky (Kaspersky), Velvet Chollima (CrowdStrike), Thallium (Microsoft), Black Banshee (PwC), ITG16 (IBM), and the Konni Group (Cisco Talos).


Weekly campaigns targeting policy experts, journalists, and nongovernmental organisations (NGOs) were observed between January and June 2021, according to Proofpoint researchers Darien Huss and Selena Larson, who detailed the actor’s tactics, techniques, and procedures (TTPs) in a technical report. The attacks were spread across North America, Russia, China, and South Korea.



According to a public alert issued by the US Cybersecurity and Infrastructure Security Agency (CISA) in October 2020, the group is known for luring targets in with convincing social engineering schemes and watering hole attacks before sending them malware-infected payloads or duping them into submitting sensitive credentials to phishing sites.


Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.