Google TAG Identifies Threats from North Korea

Source: Google TAG
Information & Technology


Google's Threat Analysis Group (TAG) has been tracking activity from two North Korean threat groups since February 10th. The associated threat campaigns are publicly named "Operation Dream Job" (active since at least June 2020) and "Operation AppleJeus" (active since 2018), as the lures utilize employment themes. The two campaigns target different industries: "Operation Dream Job" has been observed targeting media and technology (hosting providers and software companies), while "Operation AppleJeus" targets financial services, specifically cryptocurrency and fintech organizations. The tactics, techniques and procedures used by both campaigns leverage the same exploit kit, which involves a Google Chrome remote code execution (RCE) vulnerability, CVE-2022-0609. The phishing site uses an iframe that conducts system checks on the victim, collecting the requirements needed for the RCE exploit to succeed; in addition, a JavaScript could escape Chrome's sandbox protection. To evade security researchers, the attackers were cautious in their campaign: they served the iframe only during specific times, implemented a one-time-click policy, and ensured exploits would only work if requirements were met.
