
North Korean APT Group Uses Social Engineering Attacks to Gather Intelligence, Cybersecurity Experts Warn
- Written by Shipra Sanganeria, Cybersecurity & Tech Writer
On June 7, SentinelOne's cybersecurity researchers disclosed details of a Kimsuky campaign that specifically targets experts on North Korean affairs. "Based on the used malware, infrastructure, and tactics, we assess with high confidence that the campaign has been orchestrated by the Kimsuky threat actor," noted the advisory. The disclosure comes in the wake of a joint warning released by US and South Korean intelligence agencies about Kimsuky's use of exfiltration malware and spear-phishing tools to illicitly gather data and credentials from its targets.
To gather strategic intelligence, the North Korean advanced persistent threat (APT) group is expanding its social engineering tactics to target think tanks, academia, and media experts in the US. Its methods include spoofed URLs, extended email correspondence, and the use of the reconnaissance malware ReconShark.
To establish trust and engage with the target, the threat actor impersonated Chad O'Carroll, founder of NK News. SentinelOne's investigation also revealed HTML-formatted phishing emails containing spoofed URLs: links that appear to be legitimate Google Docs URLs redirect the user to a malicious website built to capture the target's Google credentials.
Kimsuky was also seen sending emails with spoofed URLs that redirect the target to a fake NK News login site, allowing it to steal the credentials for the NK News subscription service. The news site is known for its detailed reports and expert analysis on North Korea, and access to these reports serves the threat actor's broader objective of strategic intelligence gathering.
A few months ago, German and South Korean intelligence agencies issued an advisory alerting Gmail and AOL users to a Kimsuky campaign aimed at stealing their credentials.
To mitigate the risk of similar attacks, experts recommend that users exercise caution and deploy effective security measures.
Three Vulnerabilities Discovered in Popular Open-Source Graphic Debugger RenderDoc
- Written by Shipra Sanganeria, Cybersecurity & Tech Writer
Three critical flaws were found in RenderDoc, a popular cross-platform graphics debugger. Thanks to its support for many applications and operating systems (OS), the standalone tool has gained prominence among developers, particularly in the gaming industry.
RenderDoc is open-source, MIT-licensed software that supports platforms such as Windows, Linux, Android and the Nintendo Switch. Its single-frame capture and detailed inspection features aid in debugging programs built on graphics APIs such as Vulkan, OpenGL and D3D12.
The three flaws, discovered by researchers at the Qualys Threat Research Unit (TRU), comprise two heap-based buffer overflows and a privilege escalation. If exploited, they could allow an attacker to manipulate and control the host machine, increasing the risk of "unauthorized access and malicious cyber activity."
The three vulnerabilities are:
- CVE-2023-33865: The first is a symlink vulnerability that a local attacker with no special privileges can exploit to gain the privileges of the RenderDoc user.
- CVE-2023-33864: The second is an integer underflow that leads to a heap-based buffer overflow and can be exploited by a remote attacker to execute arbitrary code on the victim's machine.
- CVE-2023-33863: The third is an integer overflow that develops into a heap-based buffer overflow and could be used by a remote attacker to run arbitrary code on the host machine. So far, Qualys has not exploited this vulnerability in its investigation, so its threat level remains unknown.
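As an added illustration of the two memory-safety classes named above (this is not RenderDoc's code; the toy chunk format, its field names and the size cap are constructed for the example), the following C shows the unchecked length arithmetic that produces an integer underflow or overflow, beside a hardened parser that range-checks every derived size before it allocates or copies:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy format (not RenderDoc's capture format): a chunk is an
 * 8-byte little-endian header followed by a payload.
 *   bytes 0..3  chunk_len   total length of the chunk, header included
 *   bytes 4..7  elem_count  number of 4-byte elements in the payload
 */
#define HDR_SIZE   8u
#define ELEM_SIZE  4u
#define MAX_CHUNK  (1u << 20)   /* sanity cap, assumed for the example */

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Underflow pattern (the CVE-2023-33864 class): subtracting the header size
 * from an untrusted total length without first checking chunk_len >= HDR_SIZE.
 * For chunk_len = 4 the unsigned subtraction wraps to 0xFFFFFFFC; a later
 * allocation or memcpy fed this value overruns the heap. Only the arithmetic
 * is shown here, nothing is copied. */
uint32_t payload_len_unchecked(uint32_t chunk_len) {
    return chunk_len - HDR_SIZE;
}

/* Overflow pattern (the CVE-2023-33863 class): elem_count * ELEM_SIZE wraps in
 * 32 bits, so a huge element count yields a tiny allocation that the element
 * loop then writes past. */
uint32_t alloc_size_unchecked(uint32_t elem_count) {
    return elem_count * ELEM_SIZE;
}

/* Hardened parse: every derived size is validated before it is used. */
bool parse_chunk(const uint8_t *buf, size_t buf_len,
                 uint8_t **payload_out, size_t *payload_len_out) {
    *payload_out = NULL;
    *payload_len_out = 0;
    if (buf_len < HDR_SIZE) return false;

    uint32_t chunk_len  = rd_le32(buf);
    uint32_t elem_count = rd_le32(buf + 4);

    /* Reject lengths that would underflow, exceed the cap, or overrun the input. */
    if (chunk_len < HDR_SIZE || chunk_len > MAX_CHUNK || chunk_len > buf_len) return false;
    uint32_t payload_len = chunk_len - HDR_SIZE;

    /* Reject element counts whose byte size would wrap or disagree with payload_len. */
    if (elem_count > UINT32_MAX / ELEM_SIZE) return false;
    if (elem_count * ELEM_SIZE != payload_len) return false;

    uint8_t *payload = malloc(payload_len ? payload_len : 1);
    if (!payload) return false;
    memcpy(payload, buf + HDR_SIZE, payload_len);
    *payload_out = payload;
    *payload_len_out = payload_len;
    return true;
}

/* Constructed sample inputs. */
static const uint8_t GOOD_CHUNK[]      = {16,0,0,0, 2,0,0,0, 'a','b','c','d','e','f','g','h'};
static const uint8_t UNDERFLOW_CHUNK[] = {4,0,0,0, 0,0,0,0};          /* chunk_len < header */
static const uint8_t OVERRUN_CHUNK[]   = {0xFF,0xFF,0,0, 0,0,0,0};    /* chunk_len 65535, buffer is 8 */

/* Parses one sample and returns its payload length, or -1 when rejected. */
int parse_sample(const uint8_t *buf, size_t len) {
    uint8_t *p; size_t n;
    if (!parse_chunk(buf, len, &p, &n)) return -1;
    free(p);
    return (int)n;
}

/* Confirms the well-formed sample's payload is copied intact. */
bool good_payload_matches(void) {
    uint8_t *p; size_t n;
    if (!parse_chunk(GOOD_CHUNK, sizeof GOOD_CHUNK, &p, &n)) return false;
    bool ok = (n == 8 && memcmp(p, "abcdefgh", 8) == 0);
    free(p);
    return ok;
}

int main(void) {
    printf("unchecked payload_len for chunk_len=4: %u\n", payload_len_unchecked(4));
    printf("unchecked alloc size for 0x40000001 elements: %u\n", alloc_size_unchecked(0x40000001u));
    printf("good -> %d bytes, underflow -> %d, overrun -> %d\n",
           parse_sample(GOOD_CHUNK, sizeof GOOD_CHUNK),
           parse_sample(UNDERFLOW_CHUNK, sizeof UNDERFLOW_CHUNK),
           parse_sample(OVERRUN_CHUNK, sizeof OVERRUN_CHUNK));
    return 0;
}
```

The hardened parser applies the same rule to both bugs: check the untrusted value against the bound that makes the arithmetic safe (chunk_len >= HDR_SIZE, elem_count <= UINT32_MAX / ELEM_SIZE) before computing anything from it, and cross-check the derived size against the actual input length so that a header can never claim more data than was read.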
On being notified of the vulnerabilities, RenderDoc promptly released a new version of its software, version 1.27, with fixes for these flaws. Version 1.26 and earlier remain vulnerable.
In its report, Qualys also advised security teams to apply the patches as soon as possible.