Last Updated on 23/11/2021 by Nidhi Khandelwal
A North Korean-connected threat actor has been linked to a wave of credential theft campaigns aimed at research, education, government, media, and other organisations, with two of the assaults also attempting to spread malware that may be used for intelligence gathering.
The infiltrations were attributed to a group known as TA406 by enterprise security firm Proofpoint, as well as by the wider threat intelligence community under the names Kimsuky (Kaspersky), Velvet Chollima (CrowdStrike), Thallium (Microsoft), Black Banshee (PwC), ITG16 (IBM), and the Konni Group (Cisco Talos).
Weekly campaigns targeting policy experts, journalists, and nongovernmental organisations (NGOs) were observed between January and June 2021, according to Proofpoint researchers Darien Huss and Selena Larson, who detailed the actor’s tactics, techniques, and procedures (TTPs) in a technical report. The attacks were spread across North America, Russia, China, and South Korea.
According to a public alert issued by the US Cybersecurity and Infrastructure Security Agency (CISA) in October 2020, the group is known for luring targets in with convincing social engineering schemes and watering hole attacks before sending them malware-infected payloads or duping them into submitting sensitive credentials to phishing sites.