- Learn a new language with Babbel for 69% off
- How to upgrade your 'incompatible' Windows 10 PC to Windows 11: Two options
- Wiping a Windows laptop? Here's the safest way to erase your personal data - for free
- From Burnout to Balance: How AI Supports Cybersecurity Professionals
- Microsoft to start charging for Windows 10 updates next year. Here's how much
State-sponsored North Korean hackers responsible for blitz of attacks in 2021
Suspected government-backed hackers from North Korea launched almost weekly cyberattacks on a wide array of targets throughout the first half of 2021, according to research released on Thursday by security firm Proofpoint.
The group, dubbed TA406, engaged in espionage, digital crime, and sextortion. It conducted frequent credential phishing campaigns against foreign policy experts and non-governmental groups whose work related to the Korean peninsula, as well as journalists and academics.
Researchers also uncovered, for the first time, two campaigns where the group attempted to distribute malware that could be used for information gathering.
The activity tracked as TA406 by Proofpoint is often referred to publicly as “Kimsuky,” or “Thallium,” a notorious hacking group with ties to the North Korean military known for attacks against Western diplomatic and national security organizations, and Konni, a family of remote access trojans. The group has conducted espionage-motivated campaigns since at least 2012 and financially-motivated campaigns since at least 2018, according to the company.
The Proofpoint research details how TA406 shifted from its focus from credential theft to spreading malware via email.
The first instance, in March, involved messages that claimed to be from a top North Korea expert and targeted entities in North America. The second, which took place in June, came from the same sender and purported to be from a well-known foreign policy specialist.
“Proofpoint anticipates this threat actor will continue to conduct corporate credential theft operations frequently, targeting entities of interest to the North Korean government,” the report concludes.