At a glance.
- North Korea's increasingly supple cyber offensives.
- A look at Cl0p.
- NetSupport RAT's fake update vectors.
- Crackable radio encryption standard: a bug or a feature?
- HotRat, a Trojan that accompanies illegally pirated software and games.
- CISA adds two Adobe ColdFusion vulnerabilities to its Known Exploited Vulnerability Catalog.
- Sanctioned Russian surveillance tech executive dies at 40.
North Korea's increasingly supple cyber offensives.
Mandiant this morning released research into current activity by Pyongyang's UNC4899, which it describes as "a Democratic People's Republic of Korea (DPRK)-nexus actor, with a history of targeting companies within the cryptocurrency vertical." Mandiant "assesses with high confidence that UNC4899 is a cryptocurrency-focused element within the DPRK's Reconnaissance General Bureau (RGB)," and the researchers also believe it's the same activity tracked and reported elsewhere as TraderTraitor. Mandiant's research was conducted in the course of its investigation of a supply chain attack on one of JumpCloud's customers. North Korean operators have undergone years of refinement and coordination to the point where they represent an agile and sophisticated adversary, with shared tooling and targeting. Mandiant's report concludes, "This seeming 'streamlining' of activities by DPRK often makes it difficult for defenders to track, attribute, and thwart malicious activities, while enabling this now collaborative adversary to move stealthily and with greater speed."
Charles Carmakal, Mandiant Consulting CTO, Google Cloud, commented in an email on the improvements his organization has observed in the DPRK's cyber operations. "North Korea-nexus threat actors continue to improve their cyber offensive capabilities in order to steal cryptocurrency. Over the past year, we've seen them conduct multiple supply chain attacks, poison legitimate software, and develop and deploy custom malware onto macOS systems. They ultimately want to compromise companies with cryptocurrency and they've found creative paths to get there," he said, qualifying this assessment with some encouraging observations about the RGB's inability to operate fully undetected. "But they also make mistakes that have helped us attribute several intrusions to them."