How a North Korean suspect is linked to cyberattack campaigns

A North Korean-connected threat actor has been linked to a wave of credential theft campaigns aimed at research, education, government, media, and other organisations, with two of the assaults also attempting to spread malware that may be used for intelligence gathering.

Enterprise security firm Proofpoint attributed the infiltrations to a group it tracks as TA406, which the wider threat intelligence community knows under the names Kimsuky (Kaspersky), Velvet Chollima (CrowdStrike), Thallium (Microsoft), Black Banshee (PwC), ITG16 (IBM), and the Konni Group (Cisco Talos).

Weekly campaigns targeting policy experts, journalists, and nongovernmental organisations (NGOs) were observed between January and June 2021, according to Proofpoint researchers Darien Huss and Selena Larson, who detailed the actor’s tactics, techniques, and procedures (TTPs) in a technical report. The attacks were spread across North America, Russia, China, and South Korea.

According to a public alert issued by the US Cybersecurity and Infrastructure Security Agency (CISA) in October 2020, the group is known for luring targets in with convincing social engineering schemes and watering hole attacks before sending them malware-infected payloads or duping them into submitting sensitive credentials to phishing sites.

Nidhi Khandelwal

Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno-geopolitics, privacy, and data breaches.