Experts reported on an attack by North Korean hackers on Russian scientists

by time news

The North Korean hacker group Kimsuky is attacking Russian scientists, political scientists and non-governmental organizations that deal with issues of interaction with the DPRK, Kommersant reported, citing the American cybersecurity company Proofpoint.

Hackers send phishing emails to Russian experts on North Korea, written on behalf of experts known in Russia. The letter contains a link, when you click on it, a window for entering a username and password opens, similar to the Windows pop-up window for password-protected resources on the Internet. Alexey Pavlov, director of business development at the center for countering cyber attacks Solar JSOC “Rostelecom-Solar”, explained that, according to the attackers’ plan, the victim must enter his data. Due to the use of the insecure http protocol, hackers receive credentials in cleartext.

Experts cited in the study an example of such a letter allegedly on behalf of the Executive Director of the National Committee for BRICS Research Georgy Toloraya. He confirmed to the publication that fake letters were being sent en masse on his behalf, his signature was copied from old letters.

Denis Kuvshinov, head of the threat research department at Positive Technologies, said that the company’s specialists had registered the Kimsuky attacks in August. The group has been carrying out thematic attacks since 2018: in 2020, it attacked Russian military and industrial companies. According to Proofpoint, this is done to collect data. Anastasia Tikhonova, head of the complex threat research group at Threat Intelligence Group-IB, added that there are great risks that the group will try to purposefully “break through” and extract valuable documents from specific officials.


You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.