City Life

North Korea Cyber Campaign Targets Security Researchers, Exploits Zero-Day Vulnerability

By Mampho Brescia

Sep 8, 2023

Google’s Threat Analysis Group (TAG) has revealed details about a cyber campaign originating from North Korea that specifically targets security researchers. The campaign, which has been monitored since January 2021, involves multiple attacks and the exploitation of at least one zero-day vulnerability. While Google has not disclosed the specifics of the vulnerability and the affected software, the company has reported the issue to the vendor, who is currently working on a patch.

In these attacks, the threat actors first contact security researchers on social media platforms, then move the conversation to encrypted messaging apps. Once trust is established, the attackers send malicious files containing exploits for zero-day vulnerabilities in widely used software packages. When exploitation succeeds, the malicious code performs anti-virtual-machine checks and transmits the collected data to an attacker-controlled command-and-control domain.

According to John Gallagher, Vice President of Viakoo Labs at Viakoo, it is challenging to monitor and deeply investigate all interactions in the world of security research, which often relies on relationships formed over the internet. He advises organizations to adopt a “no exceptions” policy when handling software or links from outside their organization.

Apart from zero-day exploitation, the threat actors have also developed a Windows tool that downloads debugging symbols from major symbol servers, including those of Microsoft, Google, Mozilla, and Citrix. This seemingly legitimate tool can execute arbitrary code from attacker-controlled domains, potentially compromising victims’ systems.

The targeting of security researchers by nation-state actors like North Korea and Russia has become more frequent and sophisticated over the years. These operations aim to not only steal information but also gain insights into defense mechanisms, refine tactics, and evade future detection.

To mitigate these threats, TAG advises individuals who may have downloaded or run the tool to take precautions, including considering a system reinstall.

Source: Google Threat Analysis Group (TAG)
