Search This Blog

Showing posts with label North Korean Hackers. Show all posts

ISRO targeted by North Korean Hackers during Chandrayaan-2 Launch


According to the fresh news that has been coming from various experts, it has appeared that Chandrayaan-2 (also known as Mission Moon), a famous mission by the Indian Space Research Organisation (ISRO) was attacked by hackers from North Korea. It also appears that the attacks were organized using a malware named Dtrack, which is connected to a club of North Korean hackers managed by the administration. "The malware was identified by the Financial Institute and Research Centers in 18 Indian states," confirms the reports by Kaspersky, a cybersecurity firm.


It is also said that the same malware was used to direct hacks on Kudankulam nuclear factory. The National Cyber Coordination Center that attempts to protect the nation from harmful cyber invasions recently received critical information from a US cybersecurity firm regarding the hack. It said that Kunankulam Nuclear Plant's master domain controllers alongside the ISRO were attacked by the hackers. Following this incident, Kaspersky's specialists detected the malware and notified the issue to the Indian government before the Chandrayaan-2 landing.

"The hack was organized using very simple and basic techniques like phishing emails, an unedited browser, and poor security that resulted in allowing the hackers to easily invade the devices," says Yash Kadakia in an interview, founder, Security Brigade, a cybersecurity firm in Mumbai. He further adds that a similar server was used to send spams to superior nuclear experts at the Nuclear Plant in Kudankulam which was also aimed by the hackers to pick other experts at ISRO later.

About Dtrack Malware- 
Generated by North Korean Hackers, the Dtrack malware provides a full command that permits the hackers to obtain data from the device. The virus can misuse devices with weak privacy and passwords. If the virus invades a device, it can obtain critical information like catalogs, IDs, user history, and IP addresses. "A high number of DTrack attacks were discovered. The hack was carried by Lazarus that has become a major concern for big corporations," said Konstantin Zykov about the virus who is a Researcher at Kaspersky Cybersecurity, at an event in Delhi.

US issues warning against malware 'Electricfish' linked with North Korea








The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued a joint security warning about a new malware called "Electricfish,’’ which is allegedly linked to a state-sponsored North Korean cyberattack group.

The investigators uncovered the malware while they were tracking the activities of Hidden Cobra, it is believed that the group is sponsored by the North Korean government. 

The warning released by the US Computer Emergency Readiness Team on Thursday says that the malware is a 32-bit Windows executable program. After reverse engineering the sample, the malware was found to contain a custom protocol which permits traffic to be funneled between source and destination IP addresses.

‘’The malware implements a custom protocol that allows traffic to be funneled between a source and a destination Internet Protocol (IP) addressaa. The malware continuously attempts to reach out to the source and the designation system, which allows either side to initiate a funneling session.’’

‘’The malware can be configured with a proxy server/port and proxy username and password. This feature allows connectivity to a system sitting inside of a proxy server, which allows the actor to bypass the compromised system’s required authentication to reach outside of the network,’’ read warning. 


The whole list of Indicators of Compromise (IOC) for Electricfish can be downloaded here

Russian Hacking Trouble for the Cyber World



According to data analysis by computer security company CrowdStrike, Russian hacking attack team spares only 19 minutes to the victim to respond to the attack. The next fastest group were North-Koreans who took two hours to jump to the next server to spread the attack,the third on the list comes Chinese attackers who on average gives four hours to the victim to foil their target attack.

Statistically the calculated time is coined as  “dubbed time“ and is the time attacker takes to jump from one network to another to spread the attack. Introducing the concept, CrowdStrike wrote in its report “shows how much time defenders have on average to detect an initial intrusion, investigate it and eject the attacker before sensitive data can be stolen or destroyed.”

According to the author, Pete Singer, the new analysis is eye-opening, "These stats are driven by a whole variety of factors, among them the skills and capability, the relative risk each is making in their likelihood of getting caught and the consequences. No matter how you look at it, an average of 18 minutes is quite amazing given the scale."

The Russians hackers have attacked many defense and military establishments throughout Europe and NATO since last year. Russian hackers were alleged to attack PyeongChang Winter Olympic Games in 2018.

Chris Krebs, DHS Cybersecurity and Infrastructure Security Agency Director, told defenseone.com recently, “We are doubling down on election security in advance of the 2020 election. Despite what some of the reporting might be, election security and countering foreign influence efforts aren’t going anywhere.”

According to a research from Arizona state University, researchers revealed that the exploiting a known vulnerability depended greatly on the country of the attacker.For Instance, the researchers looked at the Dark Web chat rooms , If attackers were discussing  vulnerabilities in National Database and If the hackers discussing the bug were Chinese, the chances to exploit the vulnerability in question was nine percent, But if the conversation was between Russians, then the probability of exploiting vulnerability is forty percent.

Infamous North Korean Hacking Group Steals $571 Million in Cryptocurrency


The North Korean Hacking Group, Lazarus has managed once more to embezzle more than a billion dollars in cryptocurrency. The group has purportedly done such sorts of thefts since January 2017, amassing an enormous $571 million from the attacks. This was in accordance with an article published on Friday by The Next Web as well as the coming yearly report from the cybersecurity vendor Group-IB.

The claims made by some South Korean officials in February express that the North Korean hackers likely stole millions of dollars' worth in cryptocurrency in the year 2017.

Since the beginning of last year, the greatest contribution that could be made in hacking outfits has been done by Lazarus, which stole $571 million in cryptocurrency. Their greatest plunder - $534 million originated from a solitary attack led earlier in January 2018.

As indicated by the eminent cybersecurity unit Group IB the hacking outfits are more acclimated with utilizing techniques extending from spear phishing to social engineering and malware introduction to compromising cryptocurrency exchange networks.

"After the local network is successfully compromised, the hackers browse the local network to find work stations and servers used working with private cryptocurrency wallets," says the summary of an annual report prepared by the unit detailing the situation of hi-tech cybercrime trends across the globe. It also indicates that $882 million in cryptocurrency was stolen from exchanges in total from 2017 to 2018.

Massive phishing groups, as the report stated, are exploiting the users' fear of missing out a major opportunity, baiting them to invest their resources into unauthentic projects on knockoff websites.
Group IB additionally states that the quantity of attacks focusing on crypto trades is probably going to rise further, with hackers of more conventional financial institutions, like the banks are being attracted to the space looking for enormous increases.

All the more worryingly, these thefts are prognosticated to increment similarly as with time, more and more aggressive hacking groups are likely to move towards cryptocurrency.

South Korean Newspaper Reports North Korean Hackers Behind Attacks on Cryptocurrency Exchanges

Chosun Ilbo, a major South Korean newspaper, on Saturday reported that according to a South Korean spy agency, North Korean Hackers were behind the theft of about $6.99 million (7.6 billion won) worth of cryptocurrencies this year, which now amount to almost $82.7 million (90 billion won).

The report said that these attacks included the theft of cryptocurrencies from accounts at exchanges Yapizon (now called Youbit), and Coinis, in April and September.

According to the report by the newspaper, the leaks of the personal information of about 36,000 accounts from Bitthumb, a major cryptocurrency exchange, in June were also connected with North Korean hackers, as discovered by the country’s National Intelligence Service (NIS).

Again citing NIS, Chosun Ilbo also reported that these hackers had demanded around $5.5 million (6 billion won) in return for deleting the stolen information.

These hackers were also responsible for another attack on about 10 other exchanges in October which was stopped by Korea Internet Security Agency (KISA), as per the report.

The newspaper also reported that according to NIS, the malware used in the emails to hack the exchanges were made with a similar method to the one used in hacking Sony Pictures in 2014 and the Central Bank of Bangladesh in 2016 and that the email ids used in the attacks were also North Korean.

South Korea hit by cyber attack.




Yesterday South Korea was hit by a massive cyber attack . The attack disturbed the functioning of three banks and two TV channels. The bank were hit such that no financial transactions can be made.

The TV channels were affected by locking their computers hence not allowing the TV channels to edit or function to full efficiency.The attack points towards North Korea which only days ago said it will attack South Korea.

The attacks originated from China but this might simply be because the IP's from North Korea are not allowed in South Korean Cyberspace ,so the hackers  could have used compromised computers in China to bypass that restriction and also to hide their real location.

Unlike other "disruption" attacks which rely on DDOS this was done using a malware called "DarkSeoul" which "locked" the systems.

These sort of attacks are more dangerous because when you block the DDOS attack the servers will get back to "normal" with minimum effort but a virus attack takes much longer to recover from and even then you cant be really sure that the computers are fully clean.

This recent attack shows that the need for a strong "physical" army is not needed to bring down an another country. A few experienced hackers can do the work of a massive army. 

30 North Korean hackers steal millions of dollars from online gaming sites

North Korea stands accused by its southern rival of operating an elaborate hacking network that allegedly broke into online sites hosted in South Korea and stole prize points worth almost £3.7m ($6m).South Korean police claim $6m was stolen after 30 hackers from the North infiltrated online game servers in Seoul. Whereas North Korea has denied allegations by South Korea that it engaged in a computer hacking scheme to steal millions of dollars from online gaming sites.

South Korean police recently arrested five suspects they say were recruited to work in China alongside more than 30 hackers from North Korea. The hackers allegedly broke into gaming sites and stole gaming points worth around $6 million. The North has been accused several times in recent years of mounting cyber attacks on the South. Pyongyang has denied all the allegations.

[source]