A true diplomat is someone who can cut his neighbor's throat without letting his neighbor notice, former UN Secretary-General Trygve Lie is alleged to have said.
The North Korean government seems to have taken the lesson to heart.
According to CrowdStrike research shared exclusively with The Daily Beast, hackers suspected of working for the Pyongyang dictatorship have been hunting Chinese security researchers, apparently trying to steal their hacking techniques and reuse them as their own.
In this campaign, the North Korean hackers used Chinese-language decoy files named "Securitystatuscheck.zip" and "_signed.pdf" to target Chinese security researchers, hoping the researchers would be lured into opening them. The files, which CrowdStrike discovered in June, contained genuine-looking cybersecurity material from China's Ministry of Public Security and the National Information Security Standardization Technical Committee, but the hacking team most likely sent them booby-trapped.
Adam Meyers, vice president of intelligence at CrowdStrike, told The Daily Beast that the North Korean hacking group CrowdStrike tracks as "Stardust Chollima" (other researchers call it the Lazarus Group) likely delivered the lures by email. Meyers said CrowdStrike did not have access to the emails themselves or to the victims' initial infection path, but the campaign appeared to mimic earlier North Korean operations that used email and social media to push malware to security researchers.
Targeting security researchers in other countries could be particularly useful to the North Korean government. It could broaden the playbook of Kim Jong Un's hackers with techniques developed by hackers elsewhere in the world. These operations, Meyers told The Daily Beast, could let the North Koreans steal vulnerabilities or learn hacking skills they would not otherwise possess.
For North Korea, which conducts hacking operations aimed at raising revenue to fund the regime (including its nuclear weapons program), new hacking techniques may have a significant impact.
"Especially for vulnerability research, this can be interesting. It actually allows you to collect and steal weapons that can be used in other operations. It also allows them to gain insights into new technologies that they don't know and how the research is conducted," Meyers said. "It can also let you know the security situation in other countries."
This is just the latest sign that the North Korean government is working hard to acquire new hacking techniques and tools for its financially motivated operations. But rather than doing the painstaking research in-house, this campaign suggests the hackers are lifting the playbook directly from foreign security researchers.
It would not be the first time. Earlier this year, North Korean hackers ran a well-planned campaign that included a fake security research blog, a fake company, and fake Twitter profiles in an attempt to compromise security researchers and gather intelligence on their latest cybersecurity work, according to a Google investigation published earlier this year. In that campaign, the hackers used aliases such as Billy Brown and Guo Zhang to approach researchers through Twitter, LinkedIn, Telegram, Discord, Keybase, and email, then planted malware that could steal files from their computers.
The hackers do not appear to have stopped there. According to CrowdStrike, the activity in China may be an extension of that earlier campaign against security researchers, this time focused on neighboring China.
Meyers said the North Korean government's hacking units have likely been ordered to find ways to fund the regime's goals, with a focus on "how do you ensure that you have access to the latest vulnerabilities, the latest exploitation techniques, and the latest research, as the field continues to innovate. [And] this helps North Korean intelligence agencies improve their capabilities by stealing such information," he said.
In particular, the North Korean hackers may be interested in obtaining especially sensitive vulnerabilities known as "zero-days": flaws in software or hardware that the vendor does not yet know about and therefore has no patch for. They are called zero-days because, by the time the vendor discovers the flaw is being exploited, it has had zero days to fix it.
Vikram Thakur, technical director at Symantec, told The Daily Beast that Chinese hackers are prolific at finding zero-day vulnerabilities, which makes them a ripe target for any hacking team interested in exploiting what others have discovered.
Chinese security researchers are a prime target because "the largest number of zero-days found in any country in the world may be China," said Thakur, who tracks North Korean hacking teams. "In my opinion... Lazarus [Group], or North Korea otherwise, will try to arm itself with zero-days."
China does indeed lead in zero-day use, according to FireEye research. Over the past ten years, North Korea has used three zero-days. China has used 20, far more than any other country.
At least, China led that category as of last year. By this reasoning, North Korea may be trying to shift the balance by riding on China's coattails. James Sadowski, a senior analyst in strategic analysis at Mandiant Threat Intelligence, told The Daily Beast last week that the count of zero-days in use has kept climbing since the report was first published; according to Sadowski, the number now stands at 76.
"It's always hard to know [the] real ultimate goal of the attacker," said Anton Cherepanov, a senior malware researcher at the Slovakia-based cybersecurity company ESET, who recently discovered what he believes may be another branch of the wide-ranging campaign against security researchers. (Earlier this month, Cherepanov found that a copy of the popular reverse-engineering software IDA Pro had been tampered with; the software is used almost exclusively by security researchers.)
"As far as Chinese researchers are concerned, I guess the attackers are interested in vulnerabilities [and, or] exploitation of certain products," Cherepanov said.
Either way, this campaign against Chinese hackers looks particularly well crafted. One of the most reliable ways to get a target to open a malware-laden file or click a malicious link is to pressure the victim: for example, by claiming there is an urgent task at hand, by referencing their sensitive information, or by impersonating their boss or a governing authority. By invoking the Chinese government's security apparatus, these lures seem well tailored to Chinese citizens, and to security professionals in particular.
"In China, usually any email from any government agency is considered the highest priority by any individual in the country," Thakur said. "If a researcher receives a technical email from the government, then the researcher, the end user, has a very high chance of clicking the bait."
CrowdStrike's research does not establish whether the North Koreans claimed any victims, but the attempt alone to compromise security researchers in neighboring China shows that these hacking teams are brazen about their missions and will not be easily deterred.