While the world was in the midst of the COVID-19 pandemic, North Korean hackers were targeting the US defense and aerospace sectors with fake job offers in the hopes of infecting employees looking for better opportunities and gaining a foothold on their organizations’ networks.
The attacks began in late March and lasted throughout May 2020, cyber-security firm McAfee said in a report published today.
Tracked under the codename of “Operation North Star,” McAfee said these attacks have been linked to infrastructure and TTPs (techniques, tactics, and procedures) previously associated with Hidden Cobra — an umbrella term the US government uses to describe all North Korean state-sponsored hacking groups.
The good ol’ fake job offer trick
As for the attacks themselves, McAfee said they were run-of-the-mill spear-phishing emails that enticed recipients to open boobytrapped documents containing a possible job offer.
Many hacking groups have leveraged this lure in the past, and North Korean hackers also used it before in attacks against the US defense sector in campaigns that took place in 2017 and 2019, Christiaan Beek, lead scientist & senior principal engineer, told ZDNet in an email.
In fact, the 2017 attacks were cited in the US indictment against a North Korean hacker believed to have taken part in the attacks, but also in the creation of the WannaCry ransomware.
But the 2020 attacks also had their variations — namely the malware they delivered and the fact that some victims were also approached via social networks, and not necessarily via email.
The entire infection chain, from contact to how the malware operates, is detailed in summary in the graphic below, and in full glorious technical details in the McAfee report.
Questions, however, remain about the efficacy of this campaign. With workforce movement at an all-time low during the coronavirus pandemic, it’s unclear how successful North Korean hackers were by employing a “new job” theme to lure in victims.
Unfortunately, McAfee said it didn’t have access to the emails themselves, where these lures were used, and they only managed to recover the boobytrapped documents and the malware payloads.
As a result, McAfee wasn’t able to determine with precision which US defense or aerospace companies were the targets of these attacks and then notify each.
The only things they could determine were the nature of the fake job positions (Senior Design Engineer and System Engineer) and the US defense programs hackers were trying to “recruit” for:
- F-22 fighter jet program
- Defense, Space, and Security (DSS)
- Photovoltaics for space solar cells
- Aeronautics Integrated Fighter Group
- Military aircraft modernization programs
Raj Samani, McAfee chief scientist, told ZDNet yesterday that they have reached out to US cyber-security agencies to notify authorities of the past attacks as part of their normal deconfliction procedures whenever they discover campaigns like these ones.
Attacks focused on intelligence gathering
The point of these attacks was also pretty clear, with the North Star campaign being clearly part of North Korea’s cyber-espionage and intelligence-gathering efforts.
With the country under heavy economic sanctions and lacking a self-sustaining military-industrial complex, it can only support its nuclear weapons program and ambitions by importing or stealing the information it needs — which in this case, it was hoping to obtain from US defense and aerospace contractors.
However, another way through which North Korea sustains its nuclear program is by allowing its hackers to engage in mundane cybercrime and launder the money back into the hermit kingdom. In similar news this week, security firm Kaspersky published research on Tuesday linking North Korea’s hackers to a new strain of ransomware named VHD.
Despite being a small and walled nation, North Korea has built one of the most sophisticated and advanced armies of hackers to date, and the diversity of its operations proves this point.
original content at: www.zdnet.com…