Hacked Security Software Used in Novel South Korean Supply-Chain Attack

Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea. Continue reading Hacked Security Software Used in Novel South Korean Supply-Chain Attack

Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says. Continue reading Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

Russian, North Korean hackers targeted COVID-19 vaccine researchers — and some attacks got through, Microsoft says

Three hacking groups connected to the Russian and North Korean governments targeted COVID-19 vaccine and treatment researchers across five nations in recent months, and some of their attacks were successful, Microsoft said Friday. The hackers went after seven prominent companies in Canada, France, India, South Korea and the United States, according to Microsoft. The hacking groups are the Russia-linked Fancy Bear, which Microsoft refers to as Strontium; the North Korea-connected organization Lazarus Group, which Microsoft calls Zinc; and a third North Korean group that Microsoft has not previously mentioned publicly, which it calls Cerium. Microsoft’s alert deepens the breadth of warnings from government agencies and cybersecurity companies: Hackers affiliated with some of the U.S.’s biggest adversaries in cyberspace are hard at work to hack others’ vaccine research. “Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials,”  Tom Burt, Microsoft’s corporate vice president for customer security and […]

The post Russian, North Korean hackers targeted COVID-19 vaccine researchers — and some attacks got through, Microsoft says appeared first on CyberScoop.

Continue reading Russian, North Korean hackers targeted COVID-19 vaccine researchers — and some attacks got through, Microsoft says

Suspected North Korean hackers who targeted job applicants prove more ambitious than first believed

A possible North Korean government-connected cyber-espionage campaign that targeted the defense industry stretched further than originally known when it was inititally uncovered this summer, researchers said. “Operation North Star” went beyond targeting South Korea to include Australia, India, Israel and Russia, McAfee said in a report out Friday. And its motives and methods seem to be clearer now, too, according to researchers. Israel’s Ministry of Defense had previously blamed Lazarus Group, which the U.S. government calls Hidden Cobra, for sending phony job offers in its defense sector — a tactic that lined up with McAfee’s earlier description of Operation North Star tactics. Additionally, the campaign used a previously undiscovered implant called Torisma that it deployed to burrow further into victims’ systems, McAfee said. The tactic represents the kind of digital spying technique that would have given hackers access to machines belonging to job applicants positioned near military organizations — just the kind of targets that a […]

The post Suspected North Korean hackers who targeted job applicants prove more ambitious than first believed appeared first on CyberScoop.

Continue reading Suspected North Korean hackers who targeted job applicants prove more ambitious than first believed

Travelex, Other Orgs Face DDoS Threats as Extortion Campaign Rages On

Organizations worldwide – including Travelex – have been sent letters threatening to launch DDoS attacks on their network unless a $230K ransom is paid. Continue reading Travelex, Other Orgs Face DDoS Threats as Extortion Campaign Rages On

Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam

Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today. Continue reading Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam

For North Korea, phishing with fake job-recruitment emails never gets old

Give someone an undetected software exploit and they’ll have access to a system for a day, the security researcher The Grugq once said, but teach them to phish and they’ll have “access for life.” North Korean hackers have been following that bit of social-engineering wisdom to a T. In recent years, they have consistently posed as job recruiters to try to phish their way into the networks of aerospace and defense firms on multiple continents. The latest activity— a months-long spying campaign against aerospace and defense firms — was revealed this week by researchers from McAfee. Malware from the campaign has been detected in the U.S. and Europe. The suspected North Korean hackers appear to be spearphishing their targets using Microsoft Word documents with job descriptions involving active defense contracts, according to McAfee. Their goal is to use that foothold to plant additional code to gather data on their targets, the researchers said. […]

The post For North Korea, phishing with fake job-recruitment emails never gets old appeared first on CyberScoop.

Continue reading For North Korea, phishing with fake job-recruitment emails never gets old

North Korean hackers are stepping up their ransomware game, Kaspersky finds

While cybercriminals have been ramping up their ransomware attacks against businesses, schools, and governments, rarely have state-backed hackers relied on ransomware to make a buck. But in recent months it appears that government hackers from North Korea want a piece of the pie, too, according to Kaspersky research. In two incidents earlier this year affecting two businesses — one in France and one in Asia — hackers tied to the Lazarus Group deployed a little-known ransomware strain called VHD, which is designed to steal money from victims. A few characteristics tipped off Kaspersky researchers to Lazarus Group’s operations — Kaspersky found few public references and samples of VHD ransomware in their telemetry, indicating the strain was likely not the work of a cybercriminal. Additionally, in one of the intrusions, the researchers noted a spreading utility — which would allow it to proliferate within victim networks — was compiled with credentials specific to the […]

The post North Korean hackers are stepping up their ransomware game, Kaspersky finds appeared first on CyberScoop.

Continue reading North Korean hackers are stepping up their ransomware game, Kaspersky finds