
South Korean website builder hit by North Korean hackers

Hacked sites were used to spread malware and steal user data.

According to the AhnLab Security Emergency Response Center (ASEC), the attack began with emails carrying infected attachments. If the user opened such an attachment, the attacker gained remote access to the user's computer through a web shell that masqueraded as the URL of a legitimate site that had already been compromised by the hackers.

All of the websites used in this attack were developed by the same Korean website development company. The name of the firm is not mentioned for security reasons. The company serves a wide range of customers across industries including manufacturing, retail, electronics, education, construction, healthcare and tourism. All sites had an administrative page available that an attacker could use to download malware. Experts believe that the attacks were planned in advance and aimed at stealing customer and site user data.

A representative of the web studio said that the attacks began about a week ago and are still ongoing. The company is trying to restore the sites and protect the data of its customers. The spokesperson also advised site users to change their passwords and check their bank accounts.

Researchers believe that APT37 (aka RedEyes, ScarCruft, Ricochet Chollima, Reaper, Group123 or InkySquid), a North Korean cyber espionage hacker group, is behind this attack. The group is believed to be supported by the authorities of the DPRK. It recently became known that the group is using the new evasive M2RAT malware and steganography to gather intelligence. In addition, security researchers from the information security company Check Point recently discovered that APT37 has been using LNK files to deliver the RokRAT remote access Trojan since July 2022.

Source: www.securitylab.ru
