Almost 1,000 North Korean defectors have had their personal data leaked after a computer at a South Korean resettlement centre was hacked, the unification ministry said. A personal computer at the state-run centre was found to have been “infected with a malicious code”.
The ministry said this is thought to be the first large-scale information leak involving North Korean defectors. The hackers’ identity and the origin of the cyber-attack is not yet confirmed. The North Gyeongsang resettlement centre is among 25 institutes the ministry runs to help an estimated 32,000 defectors adjust to life in South Korea.
Read more about this disturbing cyberattack on BBC.
Earlier today, the US Department of Justice formally charged a North Korean programmer for some of the biggest cyber-attacks in recent years. According to a 179-page DOJ indictment, the US believes that Park Jin Hyok, a 34-year-old North Korean, is one of the many individuals behind a long string of malware attacks and intrusions, including the WannaCry ransomware outbreak of 2017 and the breach at Sony Pictures Entertainment in 2014.
The DOJ says Park was an active member of a government-sponsored hacking team known in the private cyber-security sector as the Lazarus Group. But in reality, officials say, he was also a government employee working for a government-owned company named Chosun Expo Joint Venture.
Read how US authorities managed to track down Park Jin Hyok on ZDNet.
New analysis of malware campaigns suggests that North Korean hackers may have re-used malware and computer infrastructure, leaving a trail that increasingly allows incidents to be traced back to them.
The joint research by security firms McAfee and Intezer reveals new connections between attacks believed to be the work of North Korea, a shared networking infrastructure used to help conduct the attacks and work by specific teams within the country’s cyber army.
Read more about the research on the North Korean cyber threat on ZDNet.
The US Computer Emergency Readiness Team (US-CERT) is warning users and admins about newly uncovered malware developed by North Korean hacking group Hidden Cobra, also known as the Lazarus Group. US-CERT’s report on Typeframe identifies 11 pieces of malware, which consist of Windows executable files and a Word document with malicious Visual Basic macros.
“These files have the capability to download and install malware, install proxy and Remote-Access Trojans (RATs), connect to command-and-control servers to receive additional instructions, and modify the victim’s firewall to allow incoming connections,” US-CERT notes in its latest malware report on the North Korean government’s Hidden Cobra campaign.
Read more about the newly uncovered malware developed by North Korean hacking group Hidden Cobra on ZDNet.
The recent meeting in Singapore between US President Donald Trump and North Korea’s Kim Jong Un appears to have attracted an inordinate amount of interest in US activities from threat actors based in Russia. Cyberattacks on targets in Singapore skyrocketed on June 11 and June 12 – the period immediately preceding and following the highly hyped meeting.
An analysis of data collected by F5 Networks, in concert with partner Loryka, showed that 97% of all attacks emanating from Russia during the two-day period were directed at Singapore. Of the total attacks launched from all countries, Russia was the top attacker, responsible for 34% of them, and Singapore was the top recipient of global attacks.
Read more about the sudden rise of attacks directed at targets in Singapore that coincided with the Trump-Kim meeting on DarkReading.
An ActiveX zero-day vulnerability used in attacks against a South Korean think tank has been connected to Lazarus Group. The target of these attacks was the Sejong Institute, a non-profit South Korean think tank which conducts research on national security. The private organization works with academic institutions worldwide.
The ActiveX zero-day flaw was discovered on the think tank’s website in May by South Korean cybersecurity firm AhnLab. The attack was one amongst many conducted by Andariel Group, an offshoot of Lazarus, which is believed to be linked to North Korea.
Read more about the attack on a non-profit South Korean think tank that has been attributed to North Korean hackers on ZDNet.
The leaders of the US and North Korea, Kim Jong Un and President Donald Trump, have met. Whether the summit is seen as a success or failure, both players will still indulge themselves in a disturbing trend: a free-for-all assault on other countries, businesses, and individuals alike through state-sponsored cyberattacks.
The United States and North Korea have never been the best of friends, to put it lightly. However, both countries have enough firepower — both in the physical and digital realms — to cause serious damage. Cyberattacks may not have been on the summit’s agenda, but digital weaponry can still be debilitating, and both countries have invested in training up the next generation of hackers, for good or ill.
Read more about why ZDNet’s Charlie Osborne believes that despite the historical Trump-Kim summit, the North Korea-US cyberwar will rage on, on ZDNet.
The point of this is that we all need to understand we have to raise our defenses. There are things you can do right now to make your systems more resilient and make it harder for all adversaries to accomplish their objectives.
North Korean hackers, backed by the state, are believed to be responsible for an array of bold attacks made in the name of money, or the reputation of the Democratic People’s Republic of Korea regime.
One of the most infamous examples is the brutal 2014 cyberattack on Sony, which compromised the tech company’s networks and led to the leak of terabytes of information online. The FBI blamed North Korea for the attack, believing it was launched in response to Sony’s planned release of The Interview, a film which tells the satirical story of journalists recruited to assassinate Kim Jong Un.
Read an extensive, though not exhaustive list of cyber attacks that have been attributed to North Korea, on ZDNet.
Cyberattackers linked to North Korea appear to have withdrawn from attacks on the US industrial sector. Researchers from Dragos said that the advanced persistent threat (APT) group, called Covellite, has previously been linked to attacks against US, European and East Asian organizations in the civilian energy sector. While Covellite appears to lack the means to attack industrial control systems (ICSs) at present, the APT is still able to gather intelligence on intellectual property and internal industrial operations.
Researchers first recorded attacks against US targets performed by Covellite in 2017. However, it now appears that the US has been crossed off the target list — an interesting time to do so, as North Korea has a current interest in patching up its relationship with America.
Read more about the data by Dragos indicating that North Korean hacking group Covellite has crossed US targets off its list, on ZDNet.
North Korea’s Group 123, an advanced persistent threat actor responsible for several major malicious campaigns in recent years, is believed to be behind new malware activity targeting users in South Korea. Researchers at Cisco Talos say the group has launched a spear-phishing campaign in which a document purporting to be about the planned June summit between President Trump and North Korean leader Kim Jong Un is being used as a lure for downloading malware.
The decoy document is a Hangul Word Processor (HWP) document titled “Prospects for US-North Korea Summit.” It contains an Encapsulated PostScript (EPS) object designed to download and execute a remote access Trojan that Talos has dubbed NavRAT. The Trojan is downloaded from a legitimate Korean website that appears to have been compromised and used to host the malware.
Read more about the new malware campaign by North Korea’s Group 123 on DarkReading.