
North Korean hackers impersonated recruiters to steal credentials from over 1,500 developer systems

The attackers constructed a layered infrastructure

Based on data SecurityScorecard collected by analyzing the attackers’ command-and-control infrastructure, the campaign had three waves. In November, attackers targeted 181 developers, primarily from European technology sectors. In December, the campaign expanded globally, targeting hundreds of developers, with certain hotspots such as India (284 victims). In January, a new wave added 233 more victims, including 110 systems in India’s technology sector alone.

“The attackers exfiltrated critical data, including development credentials, authentication tokens, browser-stored passwords, and system information,” the researchers said. “Once collected by the C2 servers, the data was transferred to Dropbox, where it was organized and stored. Persistent connections to Dropbox highlighted the attackers’ systematic approach, with some servers maintaining active sessions for over 5 hours.”

Despite the use of multiple VPN tunnels for obfuscation, the attacker activity was tracked back to several IP addresses in North Korea. The attackers connected through Astrill VPN endpoints, then through Oculus Proxy network IPs in Russia, and finally to the C&C servers hosted by a company called Stark Industries.
