News Heading - 1

North Korean Hackers Utilize New Malware With Wiretapping Functionality, Warn Cybersecurity Experts

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

The threat actor identified as APT37, also known as RedEyes, ScarCruft, and Reaper, generally carries out monitoring activities, targeting human rights activists, North Korean defectors, and university professors.

The group’s latest attack was discovered in May 2023 by South Korea-based AhnLab, which observed APT37 using malware with a previously undiscovered wiretapping capability. To exfiltrate data, the malware has backdoor functionality that uses the Ably platform (a real-time data transfer and messaging platform), and it was developed in the cross-platform programming language GoLang.

The campaign saw RedEyes use spear-phishing emails carrying a CHM (Compiled HTML Help) file disguised as a password-protected document. Once executed, the CHM file not only reveals a password but also triggers the deployment of a malicious file from a threat-actor-controlled C2 server. The script, identified as PowerShell malware, has backdoor functionality. The PowerShell malware is known to maintain persistence via an autorun registry key, which allows commands from a hacker-controlled C2 server to be executed.

The primary focus of the threat actors is stealing information, and they carried out the attack stealthily to gain access to targeted systems. “These sorts of attacks are difficult for individuals to notice. As such, ASEC is closely tracking the activities of the RedEyes group and responding promptly to prevent further damage,” the advisory stated.

To mitigate the risk of cyberattacks, AhnLab experts also recommended that users be vigilant and exercise caution when opening emails or files from unknown sources. The increasing use of infostealer malware and phishing campaigns makes it imperative that users monitor their accounts in order to identify and mitigate any security threat.

News Heading - 2

Snack Giant Mondelez Announces Data Breach Involving Sensitive Employee Information

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

Oreo maker Mondelez, in a recently published notification, announced a data breach incident that exposed sensitive information of more than 50,000 past and present employees. The attack targeted the network system of Bryan Cave, a law firm that provides legal services to Mondelez, one of the largest snack companies in the world.

The week-long attack was first noticed by Bryan Cave on February 23, 2023. It noticed unauthorized access to its network system, including the area where customer data is stored.

The attack, which lasted until March 1, 2023, extracted data that included Mondelez employees’ personal information such as names, addresses, marital status, social security number, employee identification number, date of birth, and gender. It also included Mondelez retirement and/or thrift plan information. There was no disclosure of any user-linked bank or credit card details.

On March 24, 2023, Mondelez was informed about the data breach. Based on the information provided by Bryan Cave, the company was able to determine the list of affected employees by May 22, 2023. The June 15 notification was issued after a thorough investigation by Mondelez, in which it reiterated its claim that the incident did not affect its internal network system in any way.

Mondelez further stated that Bryan Cave had already taken the necessary security measures to mitigate the threat. The law firm had immediately launched an investigation, hired a third-party cybersecurity forensic firm to understand the scope of the attack, and informed the designated law enforcement agency.

Mondelez also notified the concerned employees and urged them to monitor their banking and other financial transactions to avoid phishing and credential-stuffing attacks. The company also announced 24 months of access to Experian IdentityWorks℠ Credit Plus 1B for affected employees.

Founded in 1923 as Kraft Foods Inc., Mondelez International was established in 2012, when Kraft Foods was renamed Mondelez. The US-based snacking company’s popular brands include Oreo, Tang, Dairy Milk, etc. With offices in more than 80 countries, the company employs around 91,000 people and earned revenue of around $31.5 billion in 2022.