CyberSecurityBoard
Sponsor Register Login

North Korea Profits as 'Stonefly' APT Swarms US Co's.

Researchers at Symantec's Threat Hunter Team said this week that the state-sponsored group it tracks as "Stonefly" (aka Andariel, APT45, Silent Chollima, and Onyx Sleet) is flaunting an indictment and a $10 million bounty from the US Department of Justice (DoJ), in order to rack up more funds for the Kim Jong-Un regime. Stonefly in the past targeted hospitals and other healthcare providers during the pandemic (which drew the DoJ scrutiny), and is known for going after high-value espionage targets like US Air Force bases, NASA Office of Inspector General, and government organizations in China, South Korea, and Taiwan. The toolbox also included Nukebot, which is a backdoor capable of executing commands, downloading and uploading files, and taking screenshots; Mimikatz; two different keyloggers; the Sliver open source cross-platform penetration testing framework; the PuTTY SSH client; Plink; Megatools; a utility that takes snapshots of folder structures on a hard drive and saves them as HTML files; and FastReverseProxy, which can expose local servers to the public Internet. The focus on snapping up funds is a relatively new flex for the group, Symantec researchers stressed, even though other North Korean APTs are dedicated to grifting foreign currency for the regime. With Stonefly's less-targeted focus on siphoning funds from unsuspecting private companies, it pays for everyday businesses that might not normally think of themselves as APT targets to get familiar with the group's indicators of compromise (IoCs). Stonefly, which is part of North Korea's Reconnaissance General Bureau (RGB), mounted assaults on three organizations in the US in August, about a month after the DoJ moved against the group. "In several of the attacks, Stonefly's custom malware Backdoor.Preft (aka Dtrack, Valefor) was deployed," according to Symantec's blog post. A well-known North Korean advanced persistent threat (APT) has shifted its focus to targeting private companies in the US for financial gain. "Since at least 2019, Symantec has seen its focus shift mainly to espionage operations against select, high-value targets," according to the analysis. The victims, the researchers noted, had "no obvious intelligence value," and were likely being prepped for a ransomware whammy — though the intrusions were detected before the endgame could play out.

This Cyber News was published on www.darkreading.com. Publication date: Wed, 02 Oct 2024 21:45:16 +0000


Cyber News related to North Korea Profits as 'Stonefly' APT Swarms US Co's.

North Korea Profits as 'Stonefly' APT Swarms US Co's. - Researchers at Symantec's Threat Hunter Team said this week that the state-sponsored group it tracks as "Stonefly" (aka Andariel, APT45, Silent Chollima, and Onyx Sleet) is flaunting an indictment and a $10 million bounty from the US ...
2 weeks ago Darkreading.com
North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence - North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. “Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a ...
2 weeks ago Securityaffairs.com
State-Sponsored APT Groups Use Ransomware Tactics for Intelligence Gathering and Sabotage - State-sponsored threat groups are increasingly using ransomware-like tactics to hide more insidious activities. Russian APT group Sandworm has used ransomware programs to destroy data multiple times in the past six months, while North Korea's Lazarus ...
1 year ago Csoonline.com
Experts from the United Nations Report North Korean Hackers Have Taken a Large Amount of Digital Assets - Last year, North Korean hackers working for the government stole a record-breaking amount of virtual assets estimated to be worth between $630 million and more than $1 billion, according to a new report from U.N. experts. The panel of experts said ...
1 year ago Securityweek.com
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
10 months ago Bleepingcomputer.com
US, Japan and South Korea Unite to Counter North Korean Cyber Activiti - The US, Japan and South Korea have established a high-level consultative body designed to counter North Korea's cyber activities. A key purpose of the new group is to prevent cyber-attacks and crypto heists used to fund North Korea's weapons ...
10 months ago Infosecurity-magazine.com
North Korea APT Slapped With Cyber Sanctions After Satellite Launch - The US Department of the Treasury Office of Foreign Assets Control has announced it has sanctioned cyberespionage group Kimsuky for collecting intelligence on behalf of the Democratic People's Republic of Korea. The OFAC said the sanctions are ...
10 months ago Darkreading.com
North Korean Hackers Behind Major Cyberattacks, Confirmed by FBI - The FBI released a statement confirming that North Korea was behind a series of major cyberattacks in the past year. It is the first time that the FBI has attributed such activity to North Korea. The attacks included intrusions into networks, ...
1 year ago Thehackernews.com
Woman Accused of Helping North Korean IT Workers Infiltrate Hundreds of US Firms - The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme in which North Korean IT workers infiltrated hundreds of companies and earned millions of dollars for North Korea. According to the ...
5 months ago Securityweek.com
Seoul Police Reveals: North Korean Hackers Stole South Korean Anti-Aircraft Data - South Korea: Seoul police have charged Andariel, a North Korea-based hacker group for stealing critical defense secrets from South Korea's defense companies. Allegedly, the laundering ransomware is redirected to North Korea. One of the 1.2 terabytes ...
10 months ago Cysecurity.news
What is an advanced persistent threat? - An advanced persistent threat is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period. APT attacks are initiated to steal highly sensitive data rather than cause damage to ...
10 months ago Techtarget.com
North Korean Hackers Utilizing Credential Stuffing to Launch Cyberattacks - In an alarming new report, researchers found that North Korean-linked hackers have been using stolen passwords during cyberattacks to gain access to various government, military and financial networks. According to security experts, the creative ...
1 year ago Thehackernews.com
US govt sanctions North Korea's Kimsuky hacking group - The Treasury Department's Office of Foreign Assets Control has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals. OFAC has also sanctioned eight North Korean agents for ...
10 months ago Bleepingcomputer.com
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks - Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet, that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for ...
4 months ago Microsoft.com
FBI Charges North Korean Hackers Over $100 Million Stolen in Crypto Hack - The FBI has recently charged a North Korean hacker in connection with the Harmony crypto hack from which the hacker allegedly stole over $100 million. The hacker, Jon Chang Hyok, is a member of the North Korean military intelligence agency, the ...
1 year ago Bleepingcomputer.com
North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
1 year ago Therecord.media
UK, ROK sound alarm over North Korean supply chain attacks The Register - The national cybersecurity organizations of the UK and the Republic of Korea have issued a joint advisory warning of an increased volume and sophistication of North Korean software supply chain attacks. "In an increasingly digital and interconnected ...
10 months ago Theregister.com
Private US companies targeted by Stonefly APT - Help Net Security - “Given available information, it is possible that APT45 is carrying out financially-motivated cybercrime not only in support of its own operations but to generate funds for other North Korean state priorities,” Mandiant analysts said, and ...
2 weeks ago Helpnetsecurity.com
North Korean Actors Behind $600M in Crypto Thefts: TRM Labs - According to a TRM Labs analysis, hackers with ties to North Korea were responsible for one-third of all cryptocurrency exploits and thefts last year, taking away about $600 million in cash. The blockchain analytics company claimed on Friday that the ...
9 months ago Cysecurity.news
How 'Big 4' Nations' Cyber Capabilities Threaten the West - COMMENTARY. There are four nations deemed by the US and UK governments to pose the greatest threat to the West. Russia's cyber-threat activities are primarily focused on offensive cyber operations, China's are focused on cyber espionage, Iran's on ...
8 months ago Darkreading.com
North Korea's ScarCruft Attackers Gear Up to Target Cybersecurity Pros - ScarCruft, the North Korea-sponsored advanced persistent threat group, is gearing up for targeted attacks on cybersecurity researchers and other members of the threat intelligence community - likely in a bid to steal nonpublic threat intel and ...
8 months ago Darkreading.com
Dragos Expands ICS Platform with New Acquisition - "We grew pretty fast to become the de facto solution in the electric industry as the OT network visibility and segmentation analysis solution, which is extremely important in the case of compliance for the regulation in this industry," ...
2 weeks ago Darkreading.com
UAE, Saudi Arabia Become Plum Cyberattack Targets - Hacktivism-related DDoS attacks have risen 70% in the region, most often targeting the public sector, while stolen data and access offers dominate the Dark Web. With the UAE and Saudi Arabia increasingly invested in digitization, AI development, and ...
2 weeks ago Darkreading.com
DPRK's APT37 Targets Cambodia in Khmer - The North Korean state-sponsored threat actor known as APT37 has been carefully spreading a novel backdoor, dubbed "VeilShell." Of note is its target: Most North Korean advanced persistent threats (APTs) have a history of targeting ...
2 weeks ago Darkreading.com
US seizes Sinbad crypto mixer used by North Korean Lazarus hackers - The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group. A cryptocurrency mixer is a server that allows people to deposit crypto, ...
10 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)