Recent Trends Among North Korean Hackers

North Korean threat actors have gained immense notoriety for their constant barrage of cyberattacks on organizations and businesses across the globe.

What’s going on?

The U.S. Department of Homeland Security (DHS) issued a warning against the new BLINDINGCAN RAT that is being used by the Lazarus hacking group. This remote access trojan boasts an extensive set of capabilities, which are being used to launch cyber espionage attacks against organizations operating in the defense and aerospace sectors. 

What does this imply?

Organizations need to be on the lookout for cryptojacking attacks, money laundering schemes, extortion campaigns, and cyber-enabled financial theft scams.

Recent attacks

  • Earlier this month, Lazarus launched an attack against defense manufacturers and government entities in Israel. The campaign, dubbed Operation Dream Job, was active since the beginning of the year and leveraged social engineering.
  • North Korea based hackers targeted the defense and aerospace sectors in the U.S. with fake job offers. Named as Operation North Star, the campaign employed spear-phishing emails to lure victims into opening booby-trapped documents.    
  • As per a report by Kaspersky, North Korean threat actors have been linked with a new ransomware strain - VHD

Hackers on trend

  • Magecart attacks have witnessed a spike since the COVID-19 restrictions were imposed globally. APT38, also known as Lazarus or Hidden Cobra, is also believed to be one of the main culprits behind Magecart-style attacks. 
  • Out of the four cyberwarfare sub-divisions of North Korea's Bureau 121, three of them operate from countries such as Russia, Malaysia, Belarus, India, and China.
  • North Korean threat actors usually have two motives - cyberespionage and financial crime to raise money for the Pyongyang government. Some of the money-raising crimes include hacking banks, orchestrating ATM cashouts, hacking cryptocurrency exchanges, and running crypto-mining botnets.

The takeaway

The bottom line is that North Korea-based threat actors have been found to gravitate towards any kind of cybercrime that would generate a humongous profit for them. Moreover, cyberespionage is another way for the cybercriminals to gain intelligence to benefit the regime’s nuclear ambitions. Thus, it is recommended that organizations and businesses follow cyber hygiene to the tee to keep themselves safe from these malicious attacks.