You might recall that I posted a story on North Koreans posing to get IT jobs in the US. I have a follow up on that story with a bit of a twist. ESET researchers sent a series of tweets outlining a cyberespionage campaign by North Korean APT group Lazarus that is targeting Apple and Intel chip systems via a fake engineering job post supposedly from Coinbase.
Kevin Bocek, VP Security Strategy and Threat Intelligence at Venafi had this to say:
“The North Korean APT group Lazarus has made a real name for itself with its cyberespionage campaigns, and this attack targeting developers with signed executables has the potential to inflict huge damage on North Korea’s rivals. Our research shows that the proceeds of cybercriminal activities from North Korean APT groups are being used to circumvent international sanctions and gather intelligence. The money from such attacks is being funnelled directly into the DPRK’s weapons programmes, and any intel gathered could also be used against its enemies.”
“A key component of the attack is the use of a signed executable disguised as a job description. Code signing certificates has become the modus operandi for many North Korean APT groups, as these digital certificates are the keys to the castle, securing communication between machines of all kinds, from servers to applications, Kubernetes clusters and microservices. We’ve seen countless times how North Korean hackers use signed certificates to access networks, passing malicious software off as legitimate and enabling them to launch devastating supply chain attacks. Incidents such as the 2014 Sony Hack, or the $101 million heist of the Bangladesh Bank via the SWIFT banking system, have demonstrated North Korea’s long-standing interest in the malicious use of machine identities. This attack makes use of a similar technique so could deal similar damage as Lazarus understands machine identity and exploits it so effectively, whilst it’s still such a blind spot for many organizations.”
The North Koreans are clearly looking for new angles to get whatever it is they are looking for. Which of course is bad for all of us. Thus businesses everywhere have to be on guard for whatever they have planned next.
Like this:
Like Loading...
Related
This entry was posted on August 17, 2022 at 5:34 pm and is filed under Commentary with tags North Korea. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
The North Koreans Have A New Cyberespionage Campaign Say ESET
You might recall that I posted a story on North Koreans posing to get IT jobs in the US. I have a follow up on that story with a bit of a twist. ESET researchers sent a series of tweets outlining a cyberespionage campaign by North Korean APT group Lazarus that is targeting Apple and Intel chip systems via a fake engineering job post supposedly from Coinbase.
Kevin Bocek, VP Security Strategy and Threat Intelligence at Venafi had this to say:
“The North Korean APT group Lazarus has made a real name for itself with its cyberespionage campaigns, and this attack targeting developers with signed executables has the potential to inflict huge damage on North Korea’s rivals. Our research shows that the proceeds of cybercriminal activities from North Korean APT groups are being used to circumvent international sanctions and gather intelligence. The money from such attacks is being funnelled directly into the DPRK’s weapons programmes, and any intel gathered could also be used against its enemies.”
“A key component of the attack is the use of a signed executable disguised as a job description. Code signing certificates has become the modus operandi for many North Korean APT groups, as these digital certificates are the keys to the castle, securing communication between machines of all kinds, from servers to applications, Kubernetes clusters and microservices. We’ve seen countless times how North Korean hackers use signed certificates to access networks, passing malicious software off as legitimate and enabling them to launch devastating supply chain attacks. Incidents such as the 2014 Sony Hack, or the $101 million heist of the Bangladesh Bank via the SWIFT banking system, have demonstrated North Korea’s long-standing interest in the malicious use of machine identities. This attack makes use of a similar technique so could deal similar damage as Lazarus understands machine identity and exploits it so effectively, whilst it’s still such a blind spot for many organizations.”
The North Koreans are clearly looking for new angles to get whatever it is they are looking for. Which of course is bad for all of us. Thus businesses everywhere have to be on guard for whatever they have planned next.
Share this:
Like this:
Related
This entry was posted on August 17, 2022 at 5:34 pm and is filed under Commentary with tags North Korea. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.