North Korean Hackers Can’t Seem to Take a Breath

While the entire world is fighting against a pandemic, cybercriminals are in a different race altogether. 

What’s going on?

North Korea-based hackers have targeted the defense and aerospace sectors in the U.S. with fake job offers. Dubbed “Operation North Star”, the attacks commenced in March and lasted through May. According to researchers, similarities in TTPs have been detected between these attacks and previous campaigns launched by Hidden Cobra.

The trick

  • The attackers used common spear-phishing emails that lured victims into opening booby-trapped documents disguised as potential job offers.
  • These malicious documents contained job descriptions from the aerospace and defense sectors.
  • The adversary used a technique named template injection. With this technique, a weaponized document can download an external Word template containing macros.
  • Apart from this, victims were also targeted through social media.

More tricks up the sleeve

  • Further investigation revealed that the threat actors used domestic South Korean politics as lures.
  • Several documents were created in the Korean language using techniques similar to those of the defense sector lures.

The bottom line

These campaigns are focused on intelligence gathering since cyber espionage is a major way for the North Korean regime to support its nuclear ambitions. Moreover, North Korea has built a formidable army of cybercriminals, who have proven their prowess through a diverse range of operations. Thus, it is recommended that organizations and individuals follow proper cyber hygiene to stay ahead of these threats.