North Korean cyberattack activity appears to have ramped up ahead of the highly anticipated US-North Korea summit, which is expected to take place on 12 June 2018.
North Korean hackers known as Group 123 have been identified as the party responsible for new malware activity targeting users in South Korea.
The group has allegedly launched a spear-phishing campaign which sends an email with an attached document purporting to be about the upcoming US-North Korea summit. If users open the document, titled “Prospects for US-North Korea Summit”, a remote access Trojan called “NavRAT” is downloaded. Once the malware is downloaded, hackers can perform various actions on the victim’s computer, such as transferring stolen data. The malware has targeted Naver Mail, part of Naver Corp, South Korea’s most popular Internet portal operator.
Fortunately for Naver Mail users, the hackers appear to have failed to take into account Naver email’s security features, which automatically lock an account if login attempts are made from several geographically different locations simultaneously. This may limit the ability of the malware to communicate with, and send data to or receive data from, the attacker-controlled email accounts.
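The kind of lockout rule described above can be sketched as detection logic over login events. This is an added example, not Naver's implementation: the 10-minute window, the three-country threshold, the account names and the log records are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed reading of "simultaneously"
MAX_COUNTRIES = 2               # assumed: lock on the 3rd distinct country

# Constructed sample events: (ISO timestamp, account, source country).
SAMPLE_LOGINS = [
    ("2018-05-30T09:00:00", "alice@example.test", "KR"),
    ("2018-05-30T09:05:00", "alice@example.test", "KR"),
    # One mailbox polled by hosts in several countries within minutes.
    ("2018-05-30T09:01:00", "shared@example.test", "KR"),
    ("2018-05-30T09:03:00", "shared@example.test", "US"),
    ("2018-05-30T09:04:00", "shared@example.test", "DE"),
    ("2018-05-30T09:30:00", "shared@example.test", "KR"),
    # A traveller: several countries, but hours apart.
    ("2018-05-30T08:00:00", "bob@example.test", "KR"),
    ("2018-05-30T12:00:00", "bob@example.test", "JP"),
    ("2018-05-30T16:00:00", "bob@example.test", "US"),
]


def find_locked_accounts(events, window=WINDOW, max_countries=MAX_COUNTRIES):
    """Return {account: lock_time} for accounts that log in from more than
    max_countries distinct countries inside one sliding time window."""
    recent = defaultdict(deque)  # account -> (time, country) still in window
    locked = {}
    parsed = sorted((datetime.fromisoformat(t), a, c) for t, a, c in events)
    for ts, account, country in parsed:
        if account in locked:
            continue  # already locked; later attempts are rejected
        seen = recent[account]
        seen.append((ts, country))
        # Drop logins that have aged out of the window.
        while ts - seen[0][0] > window:
            seen.popleft()
        if len({c for _, c in seen}) > max_countries:
            locked[account] = ts
    return locked


if __name__ == "__main__":
    for account, when in find_locked_accounts(SAMPLE_LOGINS).items():
        print(f"{when.isoformat()} LOCK {account}")
```

In this constructed data only the shared mailbox is locked; the traveller's logins never overlap within one window.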
In other news, on 29 May 2018 the US Homeland Security Department’s Computer Emergency Readiness Team also issued an alert about two other types of malware. The team attributed the “Joanap” and “Brambul” malware to the North Korean government. The malware has reportedly been used to target victims globally in the critical infrastructure, aerospace, financial and media sectors, and is part of a slew of North Korean government cyber activities known as “Hidden Cobra”.
Sarah Goegan also contributed to this post.