March 5, 2021

‘North Korean cyber attackers masters in impersonation’

The cyber attackers deployed by North Korea against its adversaries, especially the United States, are increasingly becoming masters of impersonation.

This was among the fascinating insights offered by Ryan Sherstobitoff, senior analyst with the advanced threat research wing of software security giant McAfee, in a session at the 13th edition of the two-day cOcOn, the international hacking and cybersecurity conference organised by the Kerala Police, which got under way virtually on Friday.

He was talking about Hidden Cobra, the name given by the US to North Korea’s cyber offensive programme. The US has identified four major groups, Lazarus, Bluenoroff, Andariel, and APT37, as active under the programme.

Mr. Sherstobitoff said actors associated with Hidden Cobra had been impersonating defence sector employees since 2016 through fake profiles on LinkedIn, a US-based business and job-oriented online service. In fact, the US government tracked the number of impersonation campaigns targeting defence contractors, as covered in a Federal Bureau of Investigation indictment.

Noticeably, the command of English and other foreign languages of Hidden Cobra attackers has improved significantly. “They appear to know their targets, often impersonating legitimate people to appear authentic,” said Mr. Sherstobitoff.

He went on to share information about the various operations of Hidden Cobra over the past few years. One is Operation ‘Bankshot’, which targeted the Turkish banking sector and was so named after the US government referred to the implant used in the attack by that name.

Mr. Sherstobitoff said a four-month-long fake job recruitment operation was run under Hidden Cobra between April and July 2017 in which major US defence contractors were targeted. It particularly targeted defence programs relating to Terminal High Altitude Area Defence (THAAD), Advanced Extremely High Frequency (AEHF), Relocatable Over the Horizon Radar, Unmanned Aerial Vehicle (UAV), and Sikorsky Helicopter program.

“This operation was part of an elaborate impersonation campaign to ‘trick’ individuals into opening malicious document files disguised as job descriptions for roles involved with the targeted programs. Once opened, the documents load an implant that would take over the victim’s system,” said Mr. Sherstobitoff.

Judging by the decoy document, it was an attempt to steal cutting-edge US technology pertaining to Black Hawk helicopters. The US has close to 30,000 military personnel deployed on the Korean peninsula, and the South Korean Air Force operates US-made Black Hawk helicopters, F-16s, and other advanced fighter jets.
