The Patriot Files Forums  

12-06-2018, 04:17 PM
Boats
Suspected North Korean hackers target universities using Chrome extension
Written by Sean Lyngaas - DEC 6, 2018 at CYBERSCOOP
RE: https://www.cyberscoop.com/suspected...ome-extension/

While North Korean hackers are known for stealing money to finance Kim Jong Un’s authoritarian regime, Pyongyang may also be engaging in a cyber-espionage campaign targeting universities, new research shows.

The hacking operation, which began in May, if not earlier, uses malicious Google Chrome extensions to gain a foothold into a victim’s computer, according to ASERT, the threat intelligence group of Netscout’s Arbor Networks.

Once the hackers compromised a target network, they used “off-the-shelf tools,” like remote desktop protocol, to retain access to the network, according to ASERT. The goal of the operation, dubbed “Stolen Pencil,” appears to be maintaining persistent access; researchers found no evidence of data theft.

“A large number of the victims, across multiple universities, had expertise in biomedical engineering, possibly suggesting a motivation for the attackers’ targeting,” states the research, which was published Wednesday. The malicious extensions have been removed from the Google Play Store, ASERT says.

Although ASERT did not definitively tie the hackers to North Korea, clues point to the Hermit Kingdom. Use of off-the-shelf tools and a cryptojacker are typical of the North Koreans, and the hackers’ poor operational security showed that Korean was their language of choice in websites they viewed and in their keyboard usage, researchers said.

ASERT did not specify the location of the universities being targeted. However, one Twitter user documented a spearphishing attempt in the campaign sent from a compromised or mock Dartmouth College email address that included the words “nuclear deterrence” as a lure.

The spearphishing email was sent to a person who specializes in Korean affairs at a think tank, a source familiar with the matter told CyberScoop.

This is not the first apparent North Korean cyber-espionage operation aimed at research communities. In September 2013, Kaspersky Lab documented a suspected North Korean campaign against South Korean think tanks.

The Chrome extension hashes found in the new campaign exposed by ASERT tie the activity to the cyber-espionage group identified by Kaspersky in 2013, ZDNet reported.

It’s not only money they’re after

A trademark of North Korea’s computer operatives is their aggressive targeting of financial institutions around the world. In October, cybersecurity company FireEye revealed a Pyongyang-linked group that had tried to steal $1.1 billion. But it’s not just banks that are in the crosshairs. The United States has attributed the 2014 cyberattack on Sony Pictures Entertainment and the 2017 WannaCry ransomware outbreak to North Korea. And there is more evidence, aside from the ASERT research, that North Korea-linked hackers are expanding their target base to other industries.

Dmitri Alperovitch, CTO and co-founder of cybersecurity company CrowdStrike, said his company has recently observed an uptick in targeting from North Korean hackers, “including an attempted intrusion into a manufacturing company that may signal an expansion into economic espionage.”

In tracking North Korean hacking groups for a decade, CrowdStrike has seen “continued growth in the sophistication of their tradecraft,” Alperovitch told CyberScoop.

As Pyongyang expands its hacking targets, the United States has struggled to find ways to deter North Korea in cyberspace. In October, the FBI quietly told American companies that North Korean government hackers will keep targeting financial institutions worldwide despite the U.S. government’s attribution of such activity to Pyongyang.