Tuesday, January 26, 03:29
Home security North Korean hackers target US defense sectors!

North Korean hackers target US defense sectors!

In the middle of his pandemic COVID-19, North Korean hackers target US defense and aerospace sectors, using fake job offers as bait to infect employees seeking better career prospects and access in the networks of their organizations. The attacks began in late March and lasted until May 2020, according to cybersecurity company McAfee. McAfee reported that attacks known as “Operation North Star”, are connected to infrastructure and TTPs (Techniques, Tactics and Procedures) previously associated with Hidden Cobra - a term used by the US Government to describe organized hacking groups funded by North Korea.

North Korean hackers

In addition, the company noted that the attacks used spear-phishing to attract target recipients by motivating them to open documents that are supposed to contain a job offer. Many hacking groups have used the job offer as bait in the past, with North Korean hackers using it in attacks on the US defense sector in 2017 and 2019, said Christiaan Beek, chief scientist. and Senior Principal Engineer.

North Korea

The 2017 attacks concerned US allegations against a North Korean hacker believed to have been involved in the attacks, as well as the creation of WannaCry ransomware. The 2020 attacks also benefited malware, while approaching some victims and through not only through e-mail but also through SOCIAL MEDIA.

The entire chain of attacks - from the contact to how the malware works - is described in detail in the chart below and with full technical details from McAfee.

Hackers vs USA

However, the effectiveness of this campaign is not yet known. As the pandemic has affected workers, it is unclear how successful North Korean hackers have been in using a "new job" theme to lure victims. McAfee said it could not determine exactly which U.S. defense or aerospace companies were the targets of the attacks to alert them. The only things he could identify were the nature of the fake jobs (Senior Design Engineer and System Engineer) and the US defense sectors targeted by hackers:

  • F-22 Fighter Jet Program
  • Defense, Space and Security (DSS)
  • Photovoltaics for space solar cells
  • Aeronautics Integrated Fighter Group
  • Military aircraft modernization programs

Raj Samani, chief scientist at McAfee, told ZDNet that the company had turned to US services cyber security to inform the authorities about the attacks.
The North Star campaign is aimed at espionage and the collection of information that can be used to the benefit of North Korea.

hackers vs US defense sectors

As the country is under heavy economic sanctions and without a self-sustaining military-industrial complex, it can only support its nuclear weapons program and ambitions by entering or stealing the information it needs - which, in this case, it hopes to obtain from the US defense and aerospace sectors.

Yet another way in which North Korea maintains its nuclear program is by allowing hackers to engage in cybercrime. At the same time, the security company Kaspersky published a report this week linking North Korean hackers to a new ransomware strain called VHD.

Prior to that, the group was linked to other types of cybercrime, such as BEC fraud, Magecart attacks, bank robberies, cryptocurrency fraud and fraud. botnets cryptocurrency mining. Finally, North Korea has "built" one of the most powerful and advanced hacker armies to date, as evidenced by the variety of its operations.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.



COVID-19 vaccines: Ways to protect supply chains

The development of vaccines for COVID-19 in such a short period of time has created many challenges and these are not only related to ...

How do insurance companies "enhance" ransomware attacks?

Ransomware attacks have increased significantly, with experts warning that their victims should not pay ransom to hackers ....

Russia: "US may be planning retaliation for SolarWinds hack"!

The Russian government warns the country's organizations about possible cyber attacks that the US may carry out, as "retaliation" for the hack ...

iPhone: How to see which apps have access to your contacts

Some iPhone privacy issues go deeper than accessing your contacts list, which exposes your contacts to ...

COVID-19: Google makes vaccination clinics available

Google CEO Sundar Pichai said Monday that the company will make its facilities available to become clinics ...

Netflix offers "studio quality" audio upgrade on Android

Do not be surprised if Netflix sounds better the next time you run a marathon with rows on your Android phone ...

Will Bitcoin return to $ 40.000? There is concern!

Bitcoin lovers who take his return above the level of $ 40.000 for granted have been worried because the demand ...

Avaddon ransomware: Its operators threaten with DDoS attacks to get ransom!

Lately, more and more ransomware gangs tend to threaten their targets with DDoS attacks in order to secure profits ....

Volunteer firefighters will be trained through VR simulation

Volunteer firefighters in the Australian state of Victoria will soon have access to the virtual reality (VR) training that will be available in ...

Tesla: Accuses its former employee of stealing her confidential data!

On January 23, Tesla sued former employee Alex Khatilov for stealing 26.000 confidential documents, including trade secrets. The software ...