Black Banshee infects on behalf of Pyongyang?

How hackers attack the services of major corporations, and which security agencies openly use cyber troops.

German and South Korean authorities published a joint cybersecurity advisory report alleging that North Korean hackers are stealing Gmail emails using a malicious Chrome browser extension.

According to the German Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz) and the Republic of Korea National Intelligence Service (NIS), the attack begins with a phishing campaign that persuades victims to install a malicious extension offered through a link.

The extension retrieves victims' emails when they log into their accounts through an infected browser.

The emails are then sent to the attackers' server. The campaign is said to target South Korean users, but the advisory notes that the attackers could use the same tactics against users in the United States, Europe, and other parts of the world.

It has also been suggested that the attackers used the Google Play sync feature to install Android malware. Having registered a malicious application, they designate the victim's smartphone as a test device and initiate the application installation. Once installed, the Trojan allows the hackers to manage files and contacts, track SMS messages, make calls, access the camera, view the screen and log keystrokes.

The report advises protecting accounts with two-factor authentication and carefully checking incoming emails. It notes that the Kimsuky hacker group, also known as Velvet Chollima and Black Banshee, could have been behind the attacks. U.S. agencies have linked the group to the North Korean authorities and have identified South Korean think tanks, industry, nuclear power operators and government agencies as among its targets.

In the UK, by contrast, cyber forces have existed quite officially since 2020. The National Cyber Force (NCF) is controlled by the Government Communications Headquarters (GCHQ) and the Ministry of Defence.

The unit is positioned as a group of hackers who can attack hostile states, including China and Russia, as well as terrorist groups.

Beyond the official statements, little is reported about the unit's activities; however, there are hints in the British media, citing sources, that the group was involved in hacking the networks of a major terrorist group. It was noted that the hackers obtained detailed information on how the terrorists received drones and ammunition, as well as where militants were being trained, which enabled coalition forces to strike.

According to a report by Mandiant (a Google subsidiary specializing in information security), Chinese hackers are choosing new targets as entry points for cyberattacks and as places where they can remain for years without being detected. These even include antivirus software and firewalls (a kind of protective screen between the global Internet and an organization's local computer network).

Attacks planned in this way are expected to target large organizations holding the data of most interest to government intelligence operations, in some cases introducing new malware or using techniques to bypass a number of basic security and network tools.

Mandiant attributes such intrusions to Chinese state-sponsored hackers based on a number of technical factors and the targeting of the attacks. China, of course, officially denies that the government sponsors this type of cyberattack.

The administration of the U.S. president also uses spyware, without being aware of it. That is roughly how the White House's official stance on the high-profile scandal of early April can be described.

The New York Times reported that in late 2021 the U.S. government, through a network of affiliated companies, signed a contract for the supply of the now infamous Pegasus spyware.

The contract was signed with the Israeli company NSO Group, and, most interestingly, at the time of signing, sanctions had already been in force against the company for five days.

Apparently, the contract is still in effect, but officials cannot clearly explain who is responsible for signing it.

Pegasus was originally developed as a tool for spying on terrorists, but it has been used for a variety of purposes, including spying on the opposition.

Such activity by different countries in the cyber domain may indicate that the stakes in global cybersecurity are rising, because targeted hacking of critical infrastructure or, for example, information systems can serve as the key to confidential information on both the foreign and domestic policy of a number of countries.

Artificial intelligence and deepfake technology may play a major role in the coming confrontation, but so far only cryptocurrency fraudsters use them for illegal purposes. However, AI-based spyware and the use of deepfakes to bypass biometrics may well become reality rather than a futurist's fantasy.