Similar articles
Article Id Title Prob Score
186725 TECHREPUBLIC 2020-7-31:
That job offer in your inbox might be part of a North Korean cyberattack
1.000
186653 THENEXTWEB 2020-7-31:
North Korean hackers phish for victims with ‘too good to be true’ job offers
0.881 0.595
186447 TECHREPUBLIC 2020-7-28:
Experts: Devastating ransomware attack on Garmin highlights danger of haphazard breach responses
0.384
186991 TECHREPUBLIC 2020-8-3:
BlackBerry launches free tool for reverse engineering to fight cybersecurity attacks
0.377
186507 TECHREPUBLIC 2020-7-29:
It's not OK, Cupid: Security flaws could expose user data and more
0.361
186993 THENEXTWEB 2020-8-3:
Pardon the Intrusion #23: Read this if you have a wearable
0.323
186782 TECHREPUBLIC 2020-7-30:
Security: This nasty surprise could be waiting for retailers when they open up again
0.317
186748 ARSTECHNICA 2020-7-30:
Hackers broke into real news sites to plant fake stories
0.309
186697 TECHREPUBLIC 2020-7-30:
The 20 most popular work-from-home jobs and what they pay
0.306
186675 TECHREPUBLIC 2020-7-31:
Breach of high-profile Twitter accounts caused by phone spear phishing attack
0.303
186575 ARSTECHNICA 2020-7-29:
North Korea’s Lazarus brings state-sponsored hacking approach to ransomware
0.303
186683 ARSTECHNICA 2020-7-29:
New flaw neuters Secure Boot, but there’s no reason to panic. Here’s why
0.288
186788 TECHREPUBLIC 2020-7-30:
How to find and fix vulnerable default credentials on your network
0.271
186555 TECHREPUBLIC 2020-7-28:
70% of job seekers think automation skills are the key to finding a new position
0.269
186532 VENTUREBEAT 2020-7-28:
Box Shield now scans and classifies files automatically based on content
0.269
186716 VENTUREBEAT 2020-7-30:
Buildots raises $16 million to automate construction site reporting with AI
0.269
186994 TECHREPUBLIC 2020-8-3:
How to better protect your organization against mobile threats
0.266
186985 TECHREPUBLIC 2020-8-3:
The Linux Foundation announces collective to enhance open source software security
0.265
186608 TECHREPUBLIC 2020-7-28:
Dropbox now lets all users collect legally binding signatures for documents
0.259
186791 TECHREPUBLIC 2020-7-30:
10 cross-platform commands all users should know
0.256
186553 TECHREPUBLIC 2020-7-28:
What HR teams and job seekers can expect from hiring as the pandemic evolves
0.250
186733 VENTUREBEAT 2020-7-30:
LinkedIn details AI tool that better matches jobs to candidates
0.241
186951 TECHREPUBLIC 2020-8-3:
How to activate and use Color Picker in Windows 10 PowerToys
0.240
186763 TECHREPUBLIC 2020-7-30:
How to install the Seafile cloud storage solution on Ubuntu Server 20.04
0.238
186899 ARSTECHNICA 2020-7-31:
Florida teen charged as “mastermind” in Twitter hack hitting Biden, Bezos, and others
0.237


ID: 186725

URL: https://www.techrepublic.com/article/that-job-offer-in-your-inbox-might-be-part-of-a-north-korean-cyberattack/

Date: 2020-07-31

That job offer in your inbox might be part of a North Korean cyberattack

A wave of bogus job offer emails from leading aerospace and defense companies is actually a cybercrime campaign designed to harvest information about professionals in sensitive industries. Discovered by McAfee Advanced Threat Research (ATR), the campaign appears to have begun in April 2020 and was detected until mid-June, and there are telltale signs that the campaign is being orchestrated by known North Korean hacking groups.

Based on similarities ATR found in the Visual Basic code used to execute the attack and familiar core functions, "the indicators from the 2020 campaign point to previous activity from 2017 and 2019 that was previously attributed to the threat actor group known as Hidden Cobra," the report stated. Hidden Cobra is a US Government umbrella term for North Korean threat groups Lazarus, Kimsuky, KONNI, and APT37, and like the campaigns in 2017 and 2019, this one has the apparent goal of "gathering intelligence surrounding key military and defense technologies," ATR said.

The basis of the campaign is simple: Use legitimate job postings from leading defense contractors, turn them into fake job offers, and email them directly to aerospace and defense professionals who may be interested in that kind of position. The offer contains a malicious Microsoft Word document that, once opened, installs data harvesting software that will give the attacker access to sensitive personally identifying information about the victim.

Like other attacks of this kind, there's nothing new going on here--it's a familiar spearphishing campaign that relies on a victim to open the malicious document and allow it to download and execute macros hidden in a template that is fetched from the attacker's command and control server.

Once the payload is executed, the attack runs macros that install malicious DLL files that ATR said are designed "to gather machine information from infected victims that could be used to further identify more interesting targets." The DLLs used in the attack are modified versions of legitimate software DLLs, making it easier for the malicious file to go unnoticed. Once installed, the DLL uses active evasion techniques by mimicking User-Agent strings of other applications so that Windows assumes it's part of a legitimate application. It also adds a LNK file to the Windows startup folder to ensure persistence.

McAfee notes in its report that the campaign appears to be widening its targets, with examples being found of fake job offers at top animation companies and fake reports on US-Korean diplomatic relations targeting South Koreans.

Common mitigation methods apply here, such as not opening attachments from potentially suspicious sources, verifying the source of an email, and not granting permissions for scripts or macros to run from downloaded files. McAfee ATR also recommends the following strategies for organizations whose members could be targeted: