Cybersecurity News that Matters

Daily briefing: Russia-DPRK cooperation poses growing cyber threats

Illustration by Areum Hwang, The Readable

by Dain Oh

Nov. 05, 2024
8:30 PM GMT+9

Daily Briefing is a curated listicle made available by The Readable. We select a handful of significant stories worth sharing with our readers and present them in an easy-to-read, accessible format. Dain Oh and Minkyung Shin collaborate in monitoring, selecting, and reviewing the news articles, with Arthur Gregory Willers contributing to improve the overall readability of the briefing.


1. North Korea’s troop deployment to Russia spurs increased cybersecurity threats, warns Korean agency – South Korea’s Yonhap

North Korea’s reported troop deployment in support of Russia during the Russia-Ukraine conflict has intensified cybersecurity risks, according to the Korea Internet & Security Agency (KISA). KISA advised South Korean institutions and companies to bolster their security measures, warning that heightened geopolitical tensions could trigger a surge in cyberattacks.

KISA recommended closely monitoring key IT systems and websites to guard against potential Distributed Denial of Service (DDoS) attacks by Russian hacking groups. It urged organizations to maintain regular offline backups of essential files, train staff to recognize and avoid malicious email attachments and links, and keep all software updated with the latest security patches. In case of a DDoS attack, KISA advised contacting its Internet Incident Response Center for support. Additionally, small and medium-sized businesses can apply for DDoS defense services through KISA.

Meanwhile, a Russian-linked hacker group recently claimed to have targeted a South Korean grain storage facility, although KISA has not yet confirmed this alleged breach.

2. South Korean telecom giant allegedly used malware to control users’ P2P data sharing – South Korea’s Chosun Biz

Korean police have referred KT Corporation and 13 of its employees to prosecutors, asserting that they violated telecommunications and information security laws. KT is accused of using malware to restrict access to “grid programs,” which are peer-to-peer (P2P) applications popular among web storage users for direct data exchanges without company servers. This action allegedly aimed to reduce data transfer costs for KT and has affected more than one million computers since 2020.

The grid programs, essential for many webhard providers, enable efficient user-to-user file sharing without passing through company servers, thereby reducing data transmission fees. However, KT, as a major internet service provider, incurred higher costs due to these programs, which led the company to take drastic measures, including unauthorized control over user PCs to block access to grid programs.

The investigation revealed that KT had altered internet packets to disrupt P2P usage and evade interconnection fees. Police identified this as a deliberate attempt to manipulate network traffic, prompting affected webhard companies and users to file complaints. Following a thorough investigation, police forwarded the case to prosecutors, signaling serious implications for KT regarding corporate control over user autonomy and data-sharing rights.

3. US cybersecurity chief says disinformation surge hasn’t impacted election – Reuters

Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), announced that there is no evidence of foreign interference that could impact the 2024 election results, despite an unprecedented increase in disinformation from foreign actors. Easterly emphasized that U.S. agencies have noted extensive efforts to spread divisive narratives, particularly by Russia, which has denied these allegations.

In one instance, Georgia officials debunked a viral video as “targeted disinformation.” The video featured an individual falsely claiming to have voted multiple times, and senior U.S. intelligence officials traced its origin back to Russian sources. Such foreign disinformation efforts are expected to continue through January 6.

Despite these attempts, Easterly emphasized that the U.S. election infrastructure is more secure than ever, with the election community prepared to ensure a safe, secure, and fair electoral process.

4. Thousands of hacked TP-Link routers used in yearslong account takeover attacks – Ars Technica

Hackers linked to the Chinese government are exploiting a large network of compromised internet-connected devices, such as routers and cameras, to conduct attacks aimed at stealing account passwords for Microsoft Azure users. This network, known as Botnet-7777 (or CovertNetwork-1658 by Microsoft), consists of more than 8,000 devices that generate login attempts from multiple locations, making these attacks challenging to detect.

The attack method, known as “password spraying,” tries numerous passwords without triggering typical security alerts, as each device only makes a few attempts. This approach allows hackers to target many accounts across different sectors, including government and legal organizations in North America and Europe. Microsoft notes that this botnet is constantly changing its structure to evade detection, and the stolen login details are quickly handed over to other Chinese hacking groups to access additional parts of the targeted networks.

The botnet mainly consists of TP-Link routers, but Microsoft did not specify how these devices became infected. While no specific protective measures were given, some experts recommend rebooting affected devices periodically, as the malware typically does not survive a reboot.
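
The detection gap described in item 4, as an added example that is not part of the original briefing or of Microsoft's reporting: a per-source failure threshold compared with an hourly aggregate across sources. The event format, the addresses (documentation ranges), the account names and every threshold are constructed assumptions that would need tuning against a real sign-in baseline.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed sign-in events: (time, source IP, account, outcome)."""
    base = datetime(2024, 11, 5, 9, 0)
    events = []
    for i in range(12):  # 12 distributed sources, one or two failures each
        ip = f"203.0.113.{i + 1}"
        events.append((base + timedelta(minutes=5 * i), ip, f"user{i}@example.com", "fail"))
        if i % 3 == 0:
            events.append((base + timedelta(minutes=5 * i + 1), ip, f"user{i + 20}@example.com", "fail"))
    # A legitimate user who mistypes once and then signs in successfully.
    events.append((base + timedelta(minutes=7), "192.0.2.10", "alice@example.com", "fail"))
    events.append((base + timedelta(minutes=8), "192.0.2.10", "alice@example.com", "ok"))
    return events

def per_source_alerts(events, threshold=5):
    """Lockout-style rule: alert on any single IP with many failures."""
    fails = Counter(ip for _, ip, _, outcome in events if outcome == "fail")
    return {ip for ip, n in fails.items() if n >= threshold}

def spray_windows(events, max_per_source=3, min_sources=8, min_accounts=8):
    """Hourly aggregate: many sources, few failures each, many distinct accounts."""
    buckets = defaultdict(list)
    for ts, ip, account, outcome in events:
        buckets[ts.replace(minute=0, second=0, microsecond=0)].append((ip, account, outcome))
    findings = []
    for window, rows in sorted(buckets.items()):
        # Ignore failures where the same source also signed in to that account (typos).
        succeeded = {(ip, acct) for ip, acct, out in rows if out == "ok"}
        fails = [(ip, acct) for ip, acct, out in rows
                 if out == "fail" and (ip, acct) not in succeeded]
        per_ip = Counter(ip for ip, _ in fails)
        quiet = {ip for ip, n in per_ip.items() if n <= max_per_source}
        accounts = {acct for ip, acct in fails if ip in quiet}
        if len(quiet) >= min_sources and len(accounts) >= min_accounts:
            findings.append({"window": window, "sources": len(quiet),
                             "accounts": len(accounts)})
    return findings

if __name__ == "__main__":
    sample = build_sample()
    print("per-source alerts:", per_source_alerts(sample))
    print("spray windows:", spray_windows(sample))
```

On the constructed sample the per-source rule raises nothing, while the aggregate flags the 09:00 window because the failures are spread thinly across many sources and accounts.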


Editor’s note: The summaries of each article were created by ChatGPT 4o and reviewed by Dain Oh.
