Credential harvesting: Before the phishing emails, the same Ukrainian government entities were targeted with email alerts impersonating Microsoft and claiming unusual sign-in activity was detected on their accounts. The victims were asked to perform identity verification by clicking on a button, which took them to credential harvesting pages.The Proofpoint researchers didn’t manage to obtain any of these pages for analysis, but the same domain had been flagged in the past for Naver credential harvesting which aligns with past TA406 activity.”North Korea committed troops to assist Russia in the fall of 2024, and TA406 is very likely gathering intelligence to help North Korean leadership determine the current risk to its forces already in the theatre, as well as the likelihood that Russia will request more troops or armaments,” the Proofpoint researchers said.See also:
Lessons learned about cyber resilience from a visit to UkraineRussian APT28 hackers have redoubled efforts during Ukraine war, says French security agency
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3987073/after-helping-russia-on-the-ground-north-korea-targets-ukraine-with-cyberespionage.html
