The social engineering link: The threat continues beyond device wiping, with attackers distributing malware by compromising the KakaoTalk accounts of trusted contacts. GSC found that malicious files disguised as "stress-relief programs" were sent to close contacts via the messenger. "Among the victims was a professional psychological counselor who supports North Korean defector youths during resettlement by addressing psychological difficulties and providing services such as career guidance, educational counseling, and mentoring to help stabilize their well-being," researchers added.

While one attack vector used device neutralization to disable alerts, the other launched the malware distribution via compromised chat accounts. GSC called this combination unprecedented among known state-sponsored APT actors and said it shows the attacker's "tactical maturity and advanced evasion strategy".

Reinforcing verification of files received via messenger platforms before opening and executing them, and using clear warning prompts to help users avoid downloading or running malicious files, might help against this vector, the blog noted. The Genians findings, like the recent ClayRat and Badbox 2.0 campaigns, highlight a growing trend of attackers exploiting trusted apps and built-in services instead of relying on complex zero-day exploits.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4088037/north-korean-hackers-exploit-googles-safety-tools-for-remote-wipe.html