What happened?
Advanced Threat research of McAfee has released a report regarding an ongoing spear-phishing campaign. According to the report released, this campaign is being manned by the hackers that are linked to North Korea. Their target are the companies in the Aerospace and defense sector of the United States of America.

How did they targeted the sector?
During the ongoing campaign, McAfee noticed malicious activity that was targeting Aerospace and defense industry. A series of malicious documents containing job postings taken from leading defense contractors to be used as lures in a targeting sense. The suspicious documents were sent to the victims in order to install a data gathering implant.

The report says that the victimology of the campaign is not clear yet, but according to the pattern of targeting the targets, they were only selected those with skills and experience relating to the content in the document. The infrastructure used to target the companies in US, were the compromised infrastructure found in the european countries to host its C&C (Command and control) and spread the implants to the victims.

Has there been seen a similarity in such attacks before? How can we be sure the attackers are north korean hackers?
This type of campaign has appeared before in 2017 and 2019 which used same methods with the goal of gathering intelligence surrounding key military and defense technologies. According to the report, the TTP’s(Techniques, Tactics and Procedures) of 2020 are similar to those campaigns being functioned under the same modus operandi. The implant used the same Visual Basic code and the core functions of the implants remains the same.

What was the motive of the attackers who were running this campaign? 
The purpose of this campaign appears to be implant data gathering on victims machines to extract data. Data such as basic information of the the victim identification. Later the data collected could be used in classifying the value of the target. Campaigns like this impact national security of countries like US, South Korea and other foreign nations.

By Siddhant Pathak

Cyber security architect, 7+ years experience in cyber security industry, Tech savy, Nature lover, Bullet 350 rider

Have some thoughts? why not share with us here.