[ad_1]
Cybersecurity firm Proofpoint said in a new report Thursday that hackers linked to the North Korean regime ran weekly hacking campaigns in 2021, a noticeable increase in activity over the past years.
Proofpoint analysts have followed the hacker group TA406 since 2018, but the volume of their work remained low until 2021, when hackers began weekly campaigns targeting nonprofits, foreign policy experts and journalists. The hackers have adopted fakes and specifically targeted people in North America, China and Russia by conducting credential theft campaigns with the aim of breaching the websites of research, education, government, media and other organizations.
“In early 2021, TA406 began nearly weekly campaigns that included themes that included nuclear weapons security, US President Joe Biden, Korean foreign policy, and other political themes.” report From Proofpoint’s Darien Huss and Selena Larson. “The group attempted to collect credentials such as Microsoft logins or other corporate credentials from targeted individuals. In some cases, emails were benign in nature; These messages may be an attacker’s attempt to interact with victims before sending them a malicious link or attachment.”
The report stated that the TA406 hackers engaged in cybercrime, espionage and, in this context, “blackmail” which includes extorting cryptocurrency from someone in exchange for not disclosing scandalous personal information.
The hackers pretended to be Russian diplomats, academics, and Korean individuals, among other false identities. For example, Proofpoint said it observed TA406 from late 2020 to early 2021, impersonating Eunjung Cho, a journalist at the Washington-based Voice of America. according to this company website.
Proofpoint’s report also suggested that the TA406 has selected new targets, including “some of the highest-ranking elected officials from several different government agencies” surrounding the March 2021 missile tests conducted by Pyongyang.
The hacking attempts observed by Proofpoint, headquartered in Sunnyvale, California, come at a time when other cybersecurity experts have warned of the growing threat of North Korean cyberattacks in the coming years, especially given the regime’s lack of allies and economic trading partners.
“With its geographic, international and financial challenges, North Korea is willing to take too many risks,” wrote cybersecurity firm Mandiant in its 2022 security forecasts released earlier this month. “In 2022, we expect to see North Korea flex its cyber capabilities to make up for its lack of other means of national power.”
[ad_2]
Source link