Korea


North Korea #Hackers Use #Android Apps With #Malware To #Harass #Defectors

North Korean hackers are using Android apps with malware to target the country’s defectors, according to researchers from security software firm McAfee.

The Android apps, which were detected as Google Play Store malware, go beyond the usual unwanted advertisements and attempted scams. The apps track and blackmail the targets for escaping North Korea.

North Korea Launches Targeted Malware Attacks
A North Korea hacking team was recently able to upload three Android apps to the Google Play Store that targeted people who escaped from the authoritarian country, according to a report from McAfee.

The team behind the attacks was Sun Team, rather than the more infamous Lazarus, which was previously linked to the WannaCry ransomware from a year ago. This was not Sun Team’s first attempt at this kind of attack, though. In January, McAfee spotted the same attempt, but it required the targets to go out of their way and download the apps with malware from outside the Google Play Store.

The malware campaign, nicknamed RedDawn, involved the hackers contacting the targets through Facebook to invite them to install seemingly innocent apps from the Google Play Store. Compared to the first attempt, the new method of attack may have been more convincing, as the apps were downloaded from the official app store for Android devices.

Google Play Store Malware Harasses North Korea Defectors
The three apps were uploaded to the Google Play Store between January and March. The first app was Food Ingredients Info, which offered information on food, true to its name. The second and third apps were FastAppLock and Fast AppLock Free, which functioned as security tools.

The apps, however, were laced with malware. Once installed, the malware used Dropbox and Yandex to upload data and issue commands. The hackers were able to steal their targets’ personal data, which could then be used to track, threaten, and blackmail them.

It is unclear, however, how effective the apps were. They have now been removed from the Google Play Store after McAfee contacted Google, but only after recording about 100 downloads. McAfee said that it was able to identify the malware early on, and that there have been no public reports of infections.

Being careful in downloading apps does not only apply to North Korean defectors though. Targeted malware attacks may come in any form, so users will need to be very cautious with the apps that they install, even if they come from the Google Play Store.


The post North Korea #Hackers Use #Android Apps With #Malware To #Harass #Defectors appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Olympic #Games #hackers tried to frame #Russia, #North Korea

Source: National Cyber Security News

When Olympic Destroyer hit the 2018 Winter Games in South Korea, a quick list of suspects behind the attack surfaced.

Reports attributed the destructive attack to Russia and North Korea. In the malware, which was designed to wreak havoc on the Olympics IT system, there were lines of code that only North Korean hackers had used in the past.

But new research from Kaspersky Lab shows these codes were purposely left in there to throw researchers off their trail.

“Attackers are becoming smarter and they know that creating the ultimate false flag is the ultimate defense,” Vitaly Kamluk, director of Kaspersky’s global research and analysis team, said Thursday at the cybersecurity company’s conference in Cancun, Mexico.

Finding out who’s behind cyberattacks is essential for taking countermeasures, but it can be difficult for researchers to pinpoint the exact perpetrators. Just because WannaCry, a global ransomware attack from 2017, used the NSA’s hacking tools, doesn’t mean the US government was behind it, for example. It took about eight months before the White House was able to announce that Russia was behind “NotPetya,” calling it the “most destructive cyberattack in history.”

Researchers are still working to find out who was really behind the Olympic Destroyer attack, Kamluk said, but he noted that code from North Korea’s hacking unit Lazarus Group had been forged.


North #Korea allegedly #hacking #PCs to mine #Monero #cryptocurrency

Source: National Cyber Security – Produced By Gregory Evans

North Korea has been accused of hacking server networks to install mining scripts for the Monero cryptocurrency. A new Monero mining hacker group has been seizing control of servers over the past year. It’s now been linked back to North Korea.

Bloomberg reports the hacking team called Andariel came to the attention of authorities after it successfully hijacked a South Korean company’s servers last summer. The group then used the extra computing power to mine Monero coins, a cryptocurrency that’s rapidly growing and is especially popular in Asian countries.

Monero is privacy-oriented and easier to conceal than more mainstream alternatives such as Bitcoin and Ethereum. These qualities make it attractive to hacking groups looking to either steal or surreptitiously mine large quantities of cryptocash. Andariel obtained control of the target server without its real owners noticing.

It’s unknown whether Andariel has compromised other organisations. However, South Korean hacking analysis expert Kwak Kyoung-ju told Bloomberg that the unit is sophisticated and looking to broaden its targets. Kyoung-ju said Andariel is “going after anything that generates cash these days,” searching for cryptocurrencies or information which could be used to create money.

Andariel has now been tracked back to North Korea as the country finds itself accused of growing numbers of cyberattacks. After being hit with stricter sanctions and trade bans from the United Nations, the country is looking to alternative forms of income as the pressure on its economy increases. Hijacking foreign servers to mine lucrative digital cash could be one way to survive under the tougher sanctions.

In the past year, North Korea has been blamed by U.S. investigators for the WannaCry ransomware attack. The campaign affected thousands of Windows computers around the world last year and forced several major organisations to suspend their operations. Hackers exploited a vulnerability in unpatched versions of Windows to install the ransomware, forcing PC users to pay in Bitcoin before unlocking the machine.

As Computing notes, North Korea has also been implicated in a string of attempted attacks against the SWIFT international payments network used by major banks. The country is thought to have been involved in an attempt to steal over $950 million from Bangladesh’s central bank back in 2016. The operation was only aborted because the attackers got one word wrong.


North Korea #accused of #stealing #warship #blueprints in #hack

Source: National Cyber Security – Produced By Gregory Evans

North Korea’s cyber army appears to be going after real weapons.

Hackers tied to Kim Jong Un’s regime stole blueprints and other information about warships and submarines last year when they broke into one of the world’s biggest shipbuilders, according to South Korean lawmaker Kyeong Dae-soo.

Blueprints, shipbuilding technology, weapons systems and test data related to submarines and destroyers were among roughly 60 classified military documents taken from Daewoo Shipbuilding last year, according to Kyeong’s office. It said it was summarizing information it had received from the South Korean Defense Ministry and several military agencies.

The hackers are believed to have accessed some 40,000 documents in all.

Kyeong, a member of the opposition party, learned of the Daewoo hack at an intelligence briefing last week, according to a spokesman for the lawmaker. The South Korean Defense Ministry declined to comment on the matter, but said it is working to strengthen military security.

Daewoo has built several South Korean warships and submarines, all part of the country’s defenses against North Korea.

A Daewoo spokeswoman declined to comment, beyond saying that the company is looking into the matter.

The Daewoo hack is the latest case to come to light suggesting North Korea is using its hacking abilities to try to gain an edge in the tense standoff with the U.S. and its allies over Pyongyang’s nuclear weapons program.

Earlier this month, another South Korean lawmaker revealed that North Korean hackers allegedly stole classified military documents from a Defense Ministry database. Among the documents stolen were a South Korea-U.S. wartime operation plan and a document that included procedures to “decapitate” North Korean leadership.

North Korean hackers have also been tied to other high profile cyberattacks, including the massive ransomware attack WannaCry earlier this year, a series of attacks on global banks that came to light last year and the hacking of Sony Pictures in 2014.

The North Korean government has repeatedly denied involvement in international cyberattacks.

Cybersecurity experts say the latest alleged heist shows the risks for government contractors.

“State versus state espionage has moved into the digital realm,” said Bryce Boland, Asia Pacific chief technology officer with cybersecurity firm FireEye.

Companies “involved in state activities like defense are considered fair game by cyber spies,” he said.

 


CyberSecurity Alert in South Korea and the United States as Data Stealing Malware Attacks the Infrastructure

Source: National Cyber Security – Produced By Gregory Evans

FormBook is the new malware from attackers targeting manufacturing, defense, and aerospace firms in South Korea and the United States.

According to FireEye researchers, FormBook was identified in numerous distribution campaigns attacking the U.S. with emails containing unauthentic XLS, DOC, or PDF files. Similar FormBook attacks have been identified in South Korea through emails containing malicious files in ZIP, ACE, ISO, and RAR formats.

FormBook is a data-stealing grabber with functional payloads, and it has been advertised in various hacking forums since 2016. Its prominent capabilities include keylogging, tracking HTTP/SPDY/HTTPS/HTTP2 forms and network requests, stealing passwords from browsers and email clients, clipboard monitoring, and taking screenshots.

The attackers behind these email campaigns have leveraged a wide assortment of distribution mechanisms to deliver the FormBook malware, as posted on 9 October 2017 on australiandefence.com.

As confirmed by the FireEye experts, an important feature of this malware is that it can read the Windows ntdll.dll module from disk into memory and call its exported functions directly, which makes API monitoring and user-mode hooking mechanisms ineffective.

A self-extracting RAR file delivers the FormBook payload. On launch, an AutoIt loader compiles and runs a script. This script decrypts the FormBook payload file, loads it into memory, and then carries out the execution, the researchers confirm.

Over time, the researchers have also identified that FormBook can download NanoCore, a remote access Trojan (RAT) that was first seen in 2013 and is readily sold on the web. Its author, Taylor Huddleston, was arrested for this in March 2017.

Besides the United States and South Korea, the malware has targeted other countries, such as the United Kingdom, France, Poland, Ukraine, Hungary, Russia, Australia, Germany, and the Netherlands. The archive campaign has also hit prominent countries such as the United States, Belgium, Japan, Saudi Arabia, France, Sweden, Germany, and India.

FormBook has the potential to hit Windows devices, so high-end institutions urgently need to look to a more secure solution and upgrade their Windows operating systems. For now, the advice is strictly not to open suspicious emails, click on unidentified links, or download unknown attachments from unrecognized email addresses.


North Korea may be mining bitcoin in addition to hacking it

Source: National Cyber Security – Produced By Gregory Evans

Last month, North Korea was banned from exporting coal to China, its biggest buyer. The rogue regime may have found a new use for these idle coal supplies: powering bitcoin mines. That’s according to research by Recorded Future, an information security firm that counts the Central Intelligence Agency’s venture capital arm among its…


North Korea Tries to Make Hacking a Profit Center

Source: National Cyber Security – Produced By Gregory Evans

SEOUL, South Korea — North Korea’s state-sponsored hackers are increasingly going after money rather than secrets, according to a report published on Thursday by a South Korean government-backed institute. Cybersecurity experts have noticed a shift in the hacking attacks they suspected were mounted by North Korea. Formerly, most such attacks…


Is North Korea Preparing a Missile Test?

Source: National Cyber Security – Produced By Gregory Evans

On January 19, South Korea’s Yonhap news agency reported that North Korea had placed two missiles on mobile launchers in preparation for possible testing in the early days of the Trump administration. Details are still scarce, and it should be …


Can the US Prevent North Korea from Testing an ICBM?

Source: National Cyber Security – Produced By Gregory Evans

According to the New York Times, Kim Jong Un proclaimed to the North Korean people, during his annual New Year’s address, that the military is in the “final stages in preparations to test-launch an intercontinental ballistic rocket.” A North Korean …


Encouraging Japan to Go Nuclear Won’t Denuclearize North Korea

Source: National Cyber Security – Produced By Gregory Evans

During his Presidential campaign, Donald Trump said that a nuclear-armed Japan might not be a “bad thing” for the United States “because of the threat of North Korea.” In a recent op-ed, Charles Krauthammer seemed to agree, advising the incoming …
