Cybersecurity News that Matters

[Weekend Briefing] North Korea’s upgraded hacking schemes

Illustration by Areum Hwang, The Readable

by Dain Oh

Oct. 11, 2024
9:00 PM GMT+9

“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.


New findings reveal that North Korea-backed hackers are using increasingly sophisticated code to execute fake recruitment schemes aimed at secretly stealing sensitive data from targets’ computers. This week’s briefing, as covered by David DiMolfetta, features a section on North Korea’s hacking tactics. Additionally, I have included recent exclusive stories by DiMolfetta that provide insights into the security landscape in the United States and around the world.

South Korea’s National Assembly has begun its annual government inspection. During this audit, Assembly members review the security posture of government agencies, often uncovering vulnerabilities. Several stories in this briefing highlight the findings from this yearly effort.

The Singapore International Cyber Week (SICW), the largest cybersecurity conference in the Asia-Pacific region, will take place in Singapore next week. I will be on-site, interviewing key players in cybersecurity throughout the conference. Don’t miss our original reporting from SICW next week.

This is Dain Oh reporting from South Korea, and here is your weekend briefing.

1. New malware allows North Korea to deploy fake recruitment schemes, research says

Illustration by Sangseon Kim, The Readable

Programming interviews for software development roles are a common practice in the tech industry. However, it is rare for these interviews to involve code designed to secretly steal sensitive data from job candidates’ computers.

“He wanted me to open up a full stack application and explain the code. I did, but I ran it in a [virtual machine] (because you should NEVER run random code that you do not understand from a suspicious party), and he was not happy,” said Richard Chang, a software engineer, in a LinkedIn post describing his experience with what turned out to be a fake recruiter.

“He kept giving excuses about how it needed to be run in an actual machine because of Windows … issues. The code however is malicious (yes, Javascript code can be evil),” Chang added. The “surprisingly sophisticated” code was actually designed to surreptitiously scan for logs and passwords stored on the computer, he explained.


Feature: North Korea’s hacking tactics

  • North Korea escalates cyber threats, prompting security alerts for South Korea, US, and UK
  • North Korean hackers laundered $150K in crypto through Cambodian payment firm
  • Expert warns North Korean hacking techniques continue to evolve
  • North Korean hackers leverage online games to distribute malware, Microsoft reveals

Illustration by Areum Hwang, The Readable

Exclusive stories by David DiMolfetta

  • FBI raids government IT and cyber contractor Carahsoft
  • House lawmaker presses DOD to exclude Chinese display companies from military contracts
  • House bill pitches interagency task force to counter Chinese hacking threats

2. Chinese CCTVs disguised as domestic products and installed in key national facilities across Korea – South Korea’s Money Today

An investigation has uncovered that about 30,000 Chinese-made CCTV units, disguised as domestic products, have been installed in key national facilities across South Korea, including military bases, local governments, and state-owned enterprises. Data obtained by Rep. Park Choong-kwon from the Broadcasting and Communications Commission revealed that these units were falsely labeled as domestic to meet procurement standards. The most commonly installed model, made by China’s Dahua Technology, was found in institutions such as the Korea Land and Housing Corp. (4,095 units), police agencies, and Incheon International Airport Corp.

3. South Korea launches investigation into TikTok over privacy violations – South Korea’s Yonhap

The South Korean government has launched an investigation into TikTok, the Chinese short-form video platform, for potential violations of domestic privacy laws. On October 7, the Personal Information Protection Commission (PIPC) announced that it began investigating possible breaches of the Personal Information Protection Act last week. In addition, the Korea Communications Commission (KCC) plans to conduct a separate inquiry, through the Korea Internet & Security Agency (KISA), to look into potential violations of the Information and Communications Network Act.

4. South Korea’s Unification Ministry ranks low in cybersecurity amid increasing North Korean cyber attacks – South Korea’s News1

Despite the growing threat of North Korean cyberattacks, South Korea’s Unification Ministry has consistently ranked among the worst in cybersecurity management over the past three years. A report by National Assembly member Han Jeong-ae, based on the National Intelligence Service’s (NIS) evaluation of 21 government ministries from 2021 to 2023, revealed that the Unification Ministry failed to meet the average score each year. In 2021, it received a “poor” rating, placing last among the ministries. In 2022 and 2023, it ranked 18th and 20th, respectively, with a “moderate” rating.

5. Cyber attacks on SMEs rise as government funding and resources dwindle – South Korea’s MBN

Cyber attacks on small and medium-sized enterprises (SMEs) in South Korea are increasing each year, yet the budget allocated by the Ministry of Science and ICT (MSIT) for cybersecurity support continues to decline. According to data obtained by National Assembly member Lee Jeong-heon, the budget for the “Regional SME Information Protection Support” program has been halved over the past two years, dropping from 10.5 billion won (approximately $7.8 million) in 2023 to just 2.636 billion won ($1.9 million) by 2025. Similarly, funding for various cybersecurity initiatives, including the “Advanced Hacking and Virus Response Support” program, is also being reduced.

6. US moves to seize $2.7 million from Lazarus hacks traced through Tornado Cash, other mixers – The Block

Two recent forfeiture actions filed by the U.S. Attorney for the District of Columbia have shed light on North Korea’s cryptocurrency laundering methods, as authorities seek to seize approximately $2.67 million in cryptocurrency stolen in two major hacks attributed to the Lazarus Group. The complaints aim to recover $1.7 million in Tether (USDT) linked to the $28 million hack of the crypto exchange Deribit in 2022, as well as about $971,000 in Avalanche-bridged Bitcoin (BTC.b) from the $41 million hack of online casino Stake.com. Law enforcement traced the stolen funds through mixers including Tornado Cash, Sinbad, and Yonmix, identifying wallet patterns and tracing consolidation addresses.

7. The Internet Archive is under attack, with a breach revealing info for 31 million accounts – The Verge

The Internet Archive suffered a cyber attack on Wednesday, with hackers defacing the site using a JavaScript library and launching a DDoS attack. Founder Brewster Kahle confirmed the attack, revealing that usernames, email addresses, and salted-encrypted passwords of users were compromised. The hackers left a pop-up message mocking the site’s security, and 31 million email addresses were exposed, some of which matched data already listed on Have I Been Pwned (HIBP). Troy Hunt from HIBP verified the authenticity of the data.

8. U.S. Wiretap Systems Targeted in China-Linked Hack – Wall Street Journal

A Chinese government-linked cyberattack group known as Salt Typhoon infiltrated several U.S. broadband networks, including those of Verizon, AT&T, and Lumen Technologies, potentially compromising systems used for lawful surveillance by federal authorities. The breach, discovered recently, is under investigation and may have compromised sensitive information related to national security inquiries. This incident highlights a significant risk, as attackers also accessed broader internet traffic and possibly targeted providers outside the U.S.

9. Hackers targeted Android users by exploiting zero-day bug in Qualcomm chips – TechCrunch

Qualcomm has confirmed a zero-day vulnerability (CVE-2024-43047) affecting dozens of its chipsets found in popular Android devices, which may have been exploited in targeted hacking campaigns. The flaw was discovered with assistance from Google’s Threat Analysis Group (TAG) and Amnesty International’s Security Lab and has been added to the U.S. cybersecurity agency CISA’s list of known exploited vulnerabilities. While the specific targets and intent behind the attacks remain unclear, Qualcomm released fixes in September 2024. It is now the responsibility of Android device manufacturers to deploy these patches to affected users.

10. Google’s New Android Triple Lock Update Leak—3x The Security Surprise – Forbes

Google has introduced a new set of security features for Android, called the “Triple Lock” update, aimed at enhancing data protection in case of device theft. The three features—Theft Detection Lock, Offline Device Lock, and Remote Lock—add extra layers of security. Theft Detection Lock uses AI to recognize if a device has been stolen and automatically locks the phone, preventing access. Offline Device Lock activates when a thief disconnects the phone from the internet for an extended period, while Remote Lock allows users to secure their device remotely even if they can’t access Find My Device.

11. Finnish utility Fortum reports pick up in cyberattacks and surveillance – Reuters

Nordic utility company Fortum is facing daily cyberattacks in Finland and Sweden and has reported observing drones and suspicious activity near its sites, according to CEO Markus Rauramo. The company has notified authorities about these incidents. While officials have not commented specifically, they noted an increase in malicious activities, often attributed to Russia. This rise in threats follows Finland and Sweden’s decision to join NATO after Russia’s invasion of Ukraine in 2022.

Fortum has implemented various measures to strengthen its cybersecurity, including strict access controls, private security, and drills with authorities. Despite the increased incidents, the impact on operations has been minimal. Finnish and Swedish security services have identified Russia as the primary threat to their national security, citing a rise in cyberattacks and intelligence operations targeting critical infrastructure since 2022.

Russia has denied involvement in such activities but has warned of retaliation against Finland for joining NATO. In 2023, Russia seized Fortum’s assets in the country, valued at $1.9 billion, in response to sanctions imposed by the European Union.


Editor’s note: The summaries of each article were created by ChatGPT 4o and reviewed by Dain Oh.
