Sunday, April 18, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

North Korean Hackers Used ‘Torisma’ Spyware in Job Offers-based Attacks

November 6, 2020
in Internet Privacy
North Korean Hackers Used ‘Torisma’ Spyware in Job Offers-based Attacks
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

A cyberespionage campaign aimed at aerospace and defense sectors in order to install data gathering implants on victims’ machines for purposes of surveillance and data exfiltration may have been more sophisticated than previously thought.

The attacks, which targeted IP-addresses belonging to internet service providers (ISPs) in Australia, Israel, Russia, and defense contractors based in Russia and India, involved a previously undiscovered spyware tool called Torisma stealthily monitor its victims for continued exploitation.

You might also like

What are the different roles within cybersecurity?

SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

Tracked under the codename of “Operation North Star” by McAfee researchers, initial findings into the campaign in July revealed the use of social media sites, spear-phishing, and weaponized documents with fake job offers to trick employees working in the defense sector to gain a foothold on their organizations’ networks.

The attacks have been attributed to infrastructure and TTPs (Techniques, Tactics, and Procedures) previously associated with Hidden Cobra — an umbrella term used by the US government to describe all North Korean state-sponsored hacking groups.

The development continues the trend of North Korea, a heavily sanctioned country, leveraging its arsenal of threat actors to support and fund its nuclear weapons program by perpetrating malicious attacks on US defense and aerospace contractors.

Operation North Star

While the initial analysis suggested the implants were intended to gather basic victim information so as to assess their value, the latest investigation into Operation North Star exhibits a “degree of technical innovation” designed to remain hidden on compromised systems.

Not only did the campaign use legitimate job recruitment content from popular US defense contractor websites to lure targeted victims into opening malicious spear-phishing email attachments, the attackers compromised and used genuine websites in the US and Italy — an auction house, a printing company, and an IT training firm — to host their command-and-control (C2) capabilities.

“Using these domains to conduct C2 operations likely allowed them to bypass some organizations’ security measures because most organizations do not block trusted websites,” McAfee researchers Christiaan Beek and Ryan Sherstibitoff said.

What’s more, the first-stage implant embedded in the Word documents would go on to evaluate the victim system data (date, IP Address, User-Agent, etc.) by cross-checking with a predetermined list of target IP addresses to install a second implant called Torisma, all the while minimizing the risk of detection and discovery.

This specialized monitoring implant is used to execute custom shellcode, in addition to actively monitoring for new drives added to the system as well as remote desktop connections.

“This campaign was interesting in that there was a particular list of targets of interest, and that list was verified before the decision was made to send a second implant, either 32 or 64 bits, for further and in-depth monitoring,” the researchers said.

“Progress of the implants sent by the C2 was monitored and written in a log file that gave the adversary an overview of which victims were successfully infiltrated and could be monitored further.”


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)

Previous Post

If Ellen DeGeneres Is Canceled, Let’s Take a Hard Look at Kelly Ripa

Next Post

Italian beverage vendor Campari knocked offline after ransomware attack

Related Posts

What are the different roles within cybersecurity?
Internet Privacy

What are the different roles within cybersecurity?

April 18, 2021
SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence
Internet Privacy

SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence

April 17, 2021
22-Year-Old Charged With Hacking Water System and Endangering Lives
Internet Privacy

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

April 16, 2021
YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs
Internet Privacy

YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs

April 16, 2021
US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack
Internet Privacy

US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack

April 16, 2021
Next Post
Italian beverage vendor Campari knocked offline after ransomware attack

Italian beverage vendor Campari knocked offline after ransomware attack

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Make Machine Learning Interpretable with Shapash
Machine Learning

Make Machine Learning Interpretable with Shapash

April 18, 2021
Why the Patent Classification System Needs an Update
Machine Learning

Why the Patent Classification System Needs an Update

April 18, 2021
What are the different roles within cybersecurity?
Internet Privacy

What are the different roles within cybersecurity?

April 18, 2021
Machine Learning Technology May Help Decipher Biological Language of Cancer, Parkinson Disease
Machine Learning

Machine Learning Technology May Help Decipher Biological Language of Cancer, Parkinson Disease

April 17, 2021
SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence
Internet Privacy

SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence

April 17, 2021
10 Popular Must-Read Free eBooks on Machine Learning
Machine Learning

10 Popular Must-Read Free eBooks on Machine Learning

April 17, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Make Machine Learning Interpretable with Shapash April 18, 2021
  • Why the Patent Classification System Needs an Update April 18, 2021
  • What are the different roles within cybersecurity? April 18, 2021
  • Machine Learning Technology May Help Decipher Biological Language of Cancer, Parkinson Disease April 17, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates