[TheRecord] State-sponsored North Korean hackers responsible for blitz of attacks in 2021

Suspected government-backed hackers from North Korea launched almost weekly cyberattacks on a wide array of targets throughout the first half of 2021, according to research released on Thursday by security firm Proofpoint.

The group, dubbed TA406, engaged in espionage, digital crime, and sextortion. It conducted frequent credential phishing campaigns against foreign policy experts and non-governmental groups whose work related to the Korean peninsula, as well as journalists and academics.

Researchers also uncovered, for the first time, two campaigns where the group attempted to distribute malware that could be used for information gathering.

The activity Proofpoint tracks as TA406 is often referred to publicly as “Kimsuky” or “Thallium,” a notorious hacking group with ties to the North Korean military that is known for attacks against Western diplomatic and national security organizations, and as Konni, the name of a family of remote access trojans. The group has conducted espionage-motivated campaigns since at least 2012 and financially motivated campaigns since at least 2018, according to the company.

The Proofpoint research details how TA406 shifted its focus from credential theft to spreading malware via email.

The first instance, in March, involved messages that claimed to be from a top North Korea expert and targeted entities in North America. The second, which took place in June, came from the same sender and purported to be from a well-known foreign policy specialist.

“Proofpoint anticipates this threat actor will continue to conduct corporate credential theft operations frequently, targeting entities of interest to the North Korean government,” the report concludes.

The post State-sponsored North Korean hackers responsible for blitz of attacks in 2021 appeared first on The Record by Recorded Future.
