
New Methods of North Korea’s Cyber Spies

2022.12.12 03:23




Budrigannews.com – It appeared as though everything was going according to plan when U.S.-based foreign affairs analyst Daniel DePetris received an email in October from the director of the 38 North think tank requesting an article.

The sender was in fact a suspected North Korean government operative seeking information, according to those involved and three cybersecurity specialists.

The sender appeared to be attempting to elicit his thoughts on North Korean security issues by posing as 38 North director Jenny Town, rather than infecting his computer and stealing sensitive data, as hackers typically do.


DePetris told Reuters, referring to Town, “I realized it wasn’t legit once I contacted the person with follow-up questions and found out there was, in fact, no request that was made, and that this person was also a target. As a result, I quickly realized that this was a widespread campaign.”

According to cybersecurity experts, five targeted individuals, and emails reviewed by Reuters, the email is part of a new and previously unreported campaign by a suspected North Korean hacking group.

Researchers have dubbed the hacking group Thallium or Kimsuky, among other names. It has been using “spear-phishing” emails for a long time to trick targets into giving up passwords or clicking on malware-laden attachments or links. However, it now appears to merely solicit reports or opinions from researchers or other experts.

According to emails reviewed by Reuters, other topics raised included China’s response in the event of a new nuclear test and whether a “quieter” approach to North Korean “aggression” might be warranted.

James Elliott of the Microsoft Threat Intelligence Center (MSTIC) stated, “The attackers are having a ton of success with this very, very simple method.” He added that the brand-new strategy first surfaced in January. “The process has been completely altered by the attackers.”

According to MSTIC, a Thallium attacker account has received information from “multiple” experts on North Korea.

According to cybersecurity researchers, the experts and analysts targeted by the campaign have an impact on public opinion worldwide and foreign policy toward North Korea.

Thallium “is most likely tasked by the North Korean regime with a global intelligence gathering mission,” according to a 2020 report from U.S. government cybersecurity agencies.

According to Microsoft, Thallium has historically targeted think tanks, academics, human rights organizations, and government employees.

Elliott stated, “The attackers are getting the information directly from the horse’s mouth, if you will, and they are not having to sit there and make interpretations because they are getting it directly from the expert.”

North Korean hackers are well known for attacks that net millions of dollars, for targeting Sony Pictures over a movie that was seen as disrespectful to its leader, and for stealing data from pharmaceutical and defense companies, foreign governments, and others.

The North Korean embassy in London did not respond to a request for comment, but it has denied being involved in cybercrime.

According to Saher Naumaan, principal threat intelligence analyst at BAE Systems Applied Intelligence, in other attacks, Thallium and other hackers have spent weeks or months establishing trust with a target before sending malicious software.

Microsoft, however, says that in some cases the group now engages with experts without ever sending malicious files or links, even after the victims respond.

According to Elliott, this strategy allows the spies direct access to the experts’ thinking, bypasses traditional technical security programs that would scan and flag a message with malicious elements, and can be quicker than hacking someone’s account and going through their emails.

He said, “For us as defenders, it’s really, really hard to stop these emails,” adding that most of the time, the recipient will figure it out on their own.

Town said that some messages purporting to be from her had copied her entire signature line but used an email address ending in “.live” rather than her official account, which ends in “.org.”
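The mismatch Town describes, a familiar name and signature arriving from an address on a different top-level domain, is something a mail filter can check against a directory of known contacts. The following Python is an added example, not from the article or anyone it quotes; the contact name, signature and domains are constructed placeholders, and it assumes single-part plain-text messages.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of trusted contacts (placeholder name and domain).
CONTACTS = [{
    "name": "Jane Analyst",
    "domain": "example.org",
    "signature": "Jane Analyst | Director, Example Institute",
}]

def split_tld(domain):
    """Naive (label, tld) split on the last dot. Production code should use
    the Public Suffix List to find the registrable domain instead."""
    label, _, tld = domain.rpartition(".")
    return label, tld

def check_message(raw):
    """Return (verdict, contact_name) for one single-part text message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    for c in CONTACTS:
        # The message claims the identity via display name or copied signature.
        claims = (display.strip().lower() == c["name"].lower()
                  or c["signature"] in body)
        if not claims:
            continue
        if domain == c["domain"]:
            return "ok", c["name"]
        if split_tld(domain)[0] == split_tld(c["domain"])[0]:
            return "tld-swap", c["name"]  # same label, different TLD
        return "impersonation", c["name"]
    return "no-known-identity", None

# Constructed sample messages (not taken from the campaign).
SIG = "Jane Analyst | Director, Example Institute\n"
GENUINE = "From: Jane Analyst <jane@example.org>\nSubject: Draft\n\nHi.\n" + SIG
LOOKALIKE = ("From: Jane Analyst <jane@example.live>\n"
             "Subject: Draft review\n\nCould you comment?\n" + SIG)
SIG_ONLY = ("From: Research Desk <desk@mail.example.net>\n"
            "Subject: Request\n\nYour thoughts?\n" + SIG)

if __name__ == "__main__":
    for raw in (GENUINE, LOOKALIKE, SIG_ONLY):
        print(check_message(raw))
```

An "ok" verdict only means the From header matches the directory; because that header can be forged, the check complements SPF, DKIM and DMARC results rather than replacing them.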

She claimed that she was a part of a bizarre email exchange in one instance in which the alleged attacker, posing as her, replied to her.

DePetris, a fellow at Defense Priorities and a columnist for a number of newspapers, said the emails he had received were written as if a researcher were requesting a paper submission or comments on a draft.

He stated, “They were quite sophisticated, with logos from think tanks attached to the correspondence to give the impression that the inquiry is legitimate.”

DePetris stated that approximately three weeks after he received the forged email, a separate hacker posed as 38 North and emailed other individuals asking them to review a draft.

DePetris shared that email with Reuters. In it, the sender offers $300 for reviewing a manuscript about North Korea’s nuclear program and requests suggestions for additional potential reviewers. According to Elliott, the hackers never intended to pay anyone for their research or responses.

Although impersonation is a common method used by spies worldwide, Western intelligence agencies believe Pyongyang has become particularly reliant on cyber campaigns as North Korea’s isolation has deepened due to sanctions and the pandemic, one security source in Seoul, who spoke on condition of anonymity to discuss intelligence matters, told Reuters.

A panel of experts looking into North Korea’s evasion of U.N. sanctions listed Thallium’s efforts as one of the activities that “constitute espionage intended to inform and assist” the country’s sanctions avoidance in a March 2022 report.

According to Town, in some instances the attackers had commissioned papers, and analysts had provided comprehensive reports or manuscript reviews before realizing what had happened.

According to DePetris, the hackers questioned him regarding issues he was already working on, such as Japan’s response to North Korea’s military activities.

Another email, purporting to be from a reporter for Kyodo News in Japan, posed questions about U.S., Chinese, and Russian policies and asked 38 North employees how they thought the war in Ukraine affected their thinking.

According to DePetris, “one can only speculate that the North Koreans are trying to get candid views from think tankers in order to better understand U.S. policy on the North and where it may be going.”
