North Korean hackers were caught snooping around China Cyber Forces.

In this case, North Korean hackers targeted Chinese security researchers with Chinese-language lure documents labeled “Securitystatuscheck.zip” and “_signed.pdf,” in the hopes that the researchers would be compelled to click on them. While the documents, which CrowdStrike uncovered in June, contained cybersecurity information from China’s Ministry of Public Security and the National Information Security Standardization Technical Committee, the hacking team was likely sending booby-trapped documents.

Trygve Lie, the former UN Secretary-General, is reputed to have once quipped that a true diplomat can slash his neighbor’s throat without his neighbor noticing.
The North Korean administration appears to have grasped the task.
According to CrowdStrike information shared exclusively with The Daily Beast, hackers with suspected ties to the Pyongyang government have been targeting Chinese security researchers in an apparent attempt to steal their hacking techniques and pass them off as their own.

The North Korean hacking gang responsible, which cybersecurity firm CrowdStrike calls “Stardust Chollima”—and which other researchers label Lazarus Group—in all likelihood sent the lures over email, Adam Meyers, vice president of intelligence at CrowdStrike, told The Daily Beast. CrowdStrike does not have access to those emails or the initial routes to victims, but this campaign appears to imitate earlier North Korean hacking missions that used email and social media to try to distribute malware to security researchers, Meyers said.

The tactic of targeting security researchers in other countries could be particularly useful for the North Korean government. It could broaden Kim Jong Un’s hacking team’s roadmap to outsmarting other hackers around the world. And these operations, Meyers told The Daily Beast, likely make it possible for the North Koreans to steal exploits or learn new hacking skills they otherwise wouldn’t have.

For North Korea, which runs hacking operations aimed at raising revenue to fund the regime—including its nuclear weapons program—new hacking know-how could make all the difference.

“For vulnerability research in particular that would be interesting—it in effect allows you to collect and steal weapons that you can use for other operations. It could also give them insight into new techniques that they’re not aware of and how research is being conducted,” Meyers said. “It also lets you know what the security posture looks like in other countries.”

It’s just the latest signal that the North Korean government may be working to obtain new hacking techniques and tools in an effort to run financially motivated hacking operations. But this hacking campaign suggests that instead of doing diligent, internal research and innovating on their own, they’re straight up working to crib hacking playbooks from security researchers abroad.

It wouldn’t be the first time. North Korean hackers earlier this year ran an elaborate campaign, complete with a fake security research blog, a fake company, and bogus Twitter personas, to try hacking security researchers and collect intelligence on their latest cybersecurity work, according to an investigation published earlier this year by Google. In that campaign, the hackers targeted researchers via Twitter, LinkedIn, Telegram, Discord, Keybase, and email, using aliases such as Billy Brown and Guo Zhang, and later delivered malware capable of stealing files from their computers.

But the hackers don’t appear to have stopped. The campaign in China is likely an extension and continuation of that earlier campaign targeting security researchers, with a focus on neighboring China this time around, according to CrowdStrike. Meyers said the hacking branches of the North Korean government are likely being ordered to find ways to fund regime goals, with a focus on, “how do you make sure you have access to the latest vulnerabilities, the latest exploitation techniques, the latest research that’s going on. There’s constantly innovation in that space [and] this helps the North Korean intelligence services improve their capabilities by stealing this type of information,” he said.

In particular, the North Korean hacking team could be interested in obtaining especially sensitive vulnerabilities called “zero days,” which are software or hardware flaws that companies don’t know about and therefore can’t fix, making them especially powerful if they’re used. The vulnerabilities are known as zero days because the companies, if they ever find someone taking advantage, will have zero days to patch. Chinese hackers are prolific at obtaining zero days, making them a ripe target for any hacking team interested in running off with someone else’s find, Vikram Thakur, a technical director at Symantec, told The Daily Beast.

Chinese security researchers are a prime target, as “the most number of zero days found by any country in the world is probably China,” said Thakur, who is dedicated to tracking North Korean hacking teams. “In my opinion… Lazarus [Group] or North Korea would have been trying to arm themselves with zero days.” China is, indeed, at the top of its game when it comes to zero days, according to FireEye research. Over the last decade, North Korea used three zero days. But China’s used 20—far more than any other country.

At least, China had the most prowess in this department last year. As the thinking goes, North Korea might be trying to ride China’s coattails and change that balance. James Sadowski, a senior analyst in strategic analysis at Mandiant Threat Intelligence, told The Daily Beast last week the number of zero days used has only been creeping up since they first published their report. The count now is at 76, according to Sadowski.

“It’s always hard to know [the] real end goal of attackers,” said Anton Cherepanov, a senior malware researcher at the Slovakia-based cybersecurity firm ESET, who recently found what he thinks is potentially another prong of the broad campaign against security researchers. (Early this month, Cherepanov found a popular reverse-engineering software, IDA Pro, was tampered with—software that is almost exclusively used by security researchers.)

“In case of Chinese researchers, I guess that the attackers are interested in vulnerabilities [and, or] exploits for certain products,” Cherepanov said.

Either way, this campaign targeting Chinese-language hackers looked particularly determined. One of the best ways to get targets to click on documents laden with malware or spammy links is to instill fear in victims—such as by claiming an urgent task is at hand, by referencing their sensitive information, or by imitating a boss or controlling authority. By referencing Chinese government security authorities, the lures appear to have been very well-tailored for Chinese nationals, and in particular, security experts.
