Cybercrime , Cybercrime as-a-service , Cyberwarfare / Nation-State AttacksNorth Korean APT Group Steps Up Espionage Ops in 2021TA406 Targets Diplomats, Policy Experts, in Asia, UK and US, Researchers SayResearchers have "high confidence" that TA406 operates on behalf of North Korea's government. The TA406 group also was involved in frequent credential theft campaigns against research, education, media, finance and nonprofits, the researchers say. The researchers say that TA406 has used spear-phishing campaigns in 2021 to deliver both credential harvesting links and malware such as Konni, Sanny, Carrotbat/Carrotball, Babyshark, Amadey and Android Moez. Other Malicious ToolsIn November 2020, researchers at cybersecurity firm Cybereason uncovered a new set of malicious tools tied to the Kimsuky group (see: Additional Hacking Tools Tied to North Korea-Linked Group). In June, researchers at Malwarebytes uncovered another set of tactics, techniques and procedures used by Kimsuky, which was at the time using an AppleSeed backdoor to carry out its espionage operations (see: APT Group Kimsuky Has New Attack Technique, Researchers Say).

Source: The North Africa Journal November 20, 2021 02:06 UTC