- This Samsung phone is the model most people should buy (and it's not a flagship)
- The 50+ best Black Friday Walmart deals 2024: Early sales live now
- How to Dockerize WordPress | Docker
- The smartwatch with the best battery life I've tested is also one of the cheapest
- One of the most immersive portable speakers I've tested is not made by Sony or Bose
State-sponsored North Korean hackers responsible for blitz of attacks in 2021
Suspected government-backed hackers from North Korea launched almost weekly cyberattacks on a wide array of targets throughout the first half of 2021, according to research released on Thursday by security firm Proofpoint.
The group, dubbed TA406, engaged in espionage, digital crime, and sextortion. It conducted frequent credential phishing campaigns against foreign policy experts and non-governmental groups whose work related to the Korean peninsula, as well as journalists and academics.
Researchers also uncovered, for the first time, two campaigns where the group attempted to distribute malware that could be used for information gathering.
The activity tracked as TA406 by Proofpoint is often referred to publicly as “Kimsuky,” or “Thallium,” a notorious hacking group with ties to the North Korean military known for attacks against Western diplomatic and national security organizations, and Konni, a family of remote access trojans. The group has conducted espionage-motivated campaigns since at least 2012 and financially-motivated campaigns since at least 2018, according to the company.
The Proofpoint research details how TA406 shifted from its focus from credential theft to spreading malware via email.
The first instance, in March, involved messages that claimed to be from a top North Korea expert and targeted entities in North America. The second, which took place in June, came from the same sender and purported to be from a well-known foreign policy specialist.
“Proofpoint anticipates this threat actor will continue to conduct corporate credential theft operations frequently, targeting entities of interest to the North Korean government,” the report concludes.