North Korean Attack on World Cyber Experts
Google has uncovered a large-scale cyber attack from North Korea targeting cyber experts around the world. The goal: to obtain information about vulnerabilities in computer systems that will enable the next cyber attack.
A cyber-attack group affiliated with North Korea has launched a widespread attack on cyber experts around the world. Malicious software installed on the victims’ computers opened a back door that allowed the attackers to control those computers and extract any information found there. In an attempt to stop the attack, Google has released a detailed report on it and warns cyber researchers around the world to avoid any contact with the attackers. It is estimated that some investigators were misled and that the attackers managed to extract from their computers information that will be used for future attacks.
Omri Segev Moyal, CEO of the cyber company ProPro, is one of the experts targeted by the attackers. He said they approached him through social media and tried to establish an initial collaboration, after which they would pass on a link that would plant the spyware. “We are probably more suspicious than others and did not share action with the fictional character. I understood that their request was not exactly ethical, whether they wanted to sell or break in, and I did not respond.”
The attack has been going on for several months and the target is cyber researchers working on sensitive security projects and managers of senior cyber companies. The purpose of the activity is to gather information about defects in system protection (“weaknesses”) and information security activities in companies that are protected by cyber experts. “They want to learn how cyber researchers investigating North Koreans work to know how to defend themselves from them. Such people are their intelligence target, whether they are attack developers or defense developers,” says Segev Moyal.
In an unusual report, Google publishes the details of the fake accounts used by the attackers and warns the world’s cyber people about the danger. Google estimates that this is an attempt to steal information from cyber security researchers. The report does not address the extent of the damage caused by the attack. The company notes that it is possible to learn from the attack that North Korean cyber-attackers have improved their professional capabilities, capabilities that have so far relied on China’s offensive cyber capabilities.
According to Google researcher Adam Weidman, the attackers have developed a new social engineering method, in which they approach cyber researchers using fake profiles on Twitter and offer to cooperate in investigating vulnerabilities. To make the approach more credible, they set up a fake cyber research blog with articles, reports of vulnerabilities (already discovered before) and fake YouTube videos. After establishing contact with the researchers, they sent them a project file for Visual Studio, a software development system, which contained the code they wanted to explore, along with another DLL file that actually contained malware. Activating the code infected the investigator’s computer, gave the attackers control over it, and immediately opened contact with the attackers’ servers.
Segev Moyal says that the assault campaign is part of a new trend in which cybercrime groups operating under the auspices of countries are attacking private companies and not rival countries. He said that so far the same hackers have been used mainly to gather sensitive intelligence and for other targeted operations, but in recent months, with the economic uncertainty created by the coronavirus pandemic combined with weaknesses that have emerged with remote work, their state cyber capabilities are being used to attack private companies and for more illegal activities. Segev Moyal adds: “The current attack shows that countries are attacking not only private companies but also private individuals. If they succeed in trapping researchers whose specialty it is, then what chance does a small company have of dealing with such a thing?”
North Koreans are credited with extensive attacks on the West, including the 2013 attack that paralyzed South Korea’s financial institutions, the 2014 attack on Sony Pictures, in which films that had not yet hit theaters and large amounts of information were stolen and distributed, and the 2017 WannaCry attack, in which hundreds of thousands of computers belonging to government and financial bodies around the world were attacked. The UN Security Council estimated in 2019 that North Korea had earned about $2 billion through cyber-attacks on financial institutions and crypto exchanges, which compensated it to some extent for the damages of U.S. economic sanctions following its nuclear program.