Google Analytics data transfer to U.S. brings $1 million fine to Swedish firms
The Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten – IMY) has fined two companies a total of 12.3 million SEK (€1 million/$1.1 million) for using Google Analytics and warned two others about the same practice.
North Korean Hacking Group Launches Undetected Malwareless URL Phishing Attacks
Researchers from South Korea have discovered that the notorious North Korean hacking group known as Kimsuky has shifted its phishing to malwareless URL phishing tactics that evade detection by major EDR products.
The group, which has been active for several years, is now employing new strategies to evade detection and compromise accounts of researchers and organizations focused on North Korea.
One of the most significant shifts in Kimsuky’s approach is the change in their email attack base. Previously, the group primarily used Japanese email services for their phishing campaigns.
However, the report indicates that they have now moved to utilizing Russian email services, making it more challenging for targets to identify suspicious communications.
Malwareless Attacks on the Rise
The group has also been increasingly relying on malwareless attack strategies. These URL phishing attacks, which do not contain malware in the emails, are proving difficult to detect as threats.
The attackers are crafting convincing phishing emails that impersonate various entities, including:
Electronic document civil service ‘National Secretary’
Portal company email security managers
Public institutions
Financial institutions
Kimsuky’s phishing emails have become more sophisticated, often incorporating themes related to familiar financial matters to increase the likelihood of user interaction.
The group has been observed using domains from ‘MyDomain[.]Korea’, a free Korean domain registration service, to create convincing phishing sites.
The Genians report outlines a timeline of the group’s activities, noting that from April 2024, they used Japanese and US domains. They switched to Korean services by May, and by September, they were using Russian domains.
However, these Russian domains were found to be fabricated and registered through a phishing email sender known as ‘star 3.0’.
“On the VirusTotal screen, the file name is ‘1.doc’, and the detection name of some Anti-Malware services includes the keyword ‘Kimsuky’. And there are also many variants.”
Interestingly, the report draws connections between current activities and past campaigns.
A mailer titled ‘star 3.0’ was discovered on the website of Evangelia University, a US-based institution. Proofpoint previously identified this same mailer in a 2021 report, linking it to North Korean threat actors.
Implications and Recommendations
The evolving tactics of the Kimsuky group highlight the need for increased vigilance among potential targets. Cybersecurity experts recommend:
Careful scrutiny of sender email addresses, especially those with Russian domains
Verification of official communications, particularly those related to financial matters
Regular updates to security policies based on the latest threat intelligence
As Kimsuky continues to refine its approach, organizations and individuals alike must remain alert to these sophisticated phishing attempts to protect sensitive information and maintain cybersecurity integrity.
Indicators of Compromise
Domains:
cookiemanager.ne[.]kr
nidiogln.ne[.]kr
naverbox.pe[.]kr
covd.2kool4u[.]net
ned.kesug[.]com
wud.wuaze[.]com
owna.loveslife[.]biz
online.korea.article-com[.]eu
evangelia[.]edu
Korean-language domains (labels translated):
National Secretary. Main[.] Korea
National Pension Service. Server[.] Korea
National Secretary. Community[.] Korea
National Health Insurance Service. Confirmation. Server[.] Korea
Payment Due Date-Notice-Notice. Online[.] Korea
Financial payment-guidance-document-confirmation.Web[.]Korea
National Tax Service-Payment deadline-notification-guidance-guidance-confirmation.Online[.]Korea
National Tax Service-Payment deadline-variation notice.re[.]kr
Naver-blog-post -Restriction-Guide.kro[.]kr
IP addresses:
185.27.134[.]201
185.105.33[.]106
185.27.134[.]140
185.27.134[.]93
185.27.134[.]120
185.27.134[.]144
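Because these campaigns carry no malware in the mail itself, the practical detection hook is the sender domain and the URLs in the body, as the recommendations above suggest. The following triage script is an added example written for this page, not code from the Genians report or the article: it refangs the domain and IP indicators listed above (the translated Korean-label domains are left out because their original labels are not given), extracts the sender domain and URL hosts from a few constructed email records, and flags any host that is, or is a subdomain of, a listed indicator. The sample messages, the `triage` function and its field names are all assumptions made here.

```python
"""Hypothetical triage of mail records against the Kimsuky indicators on the page.
Added example; not part of the Genians report or the article."""
import re
from typing import Optional

# Domains and IPs copied from the page's indicator list, still defanged.
DEFANGED_IOCS = [
    "cookiemanager.ne[.]kr", "nidiogln.ne[.]kr", "naverbox.pe[.]kr",
    "covd.2kool4u[.]net", "ned.kesug[.]com", "wud.wuaze[.]com",
    "owna.loveslife[.]biz", "online.korea.article-com[.]eu",
    "evangelia[.]edu",  # legitimate site found hosting the 'star 3.0' mailer
    "185.27.134[.]201", "185.105.33[.]106", "185.27.134[.]140",
    "185.27.134[.]93", "185.27.134[.]120", "185.27.134[. ]144",
]


def refang(ioc: str) -> str:
    """Turn a defanged indicator ('[.]' or '[. ]') back into a matchable host."""
    return re.sub(r"\[\.\s*\]", ".", ioc).strip().lower()


IOC_HOSTS = {refang(i) for i in DEFANGED_IOCS}

# Host part of an http(s) URL; stops at path, port, query or fragment.
URL_HOST_RE = re.compile(r"https?://([^/\s:?#]+)", re.IGNORECASE)


def host_matches_ioc(host: str) -> Optional[str]:
    """Return the indicator that host equals or is a subdomain of, else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in IOC_HOSTS:
            return candidate
    return None


def extract_hosts(text: str) -> list:
    """All URL hosts mentioned in a message body."""
    return [h.lower() for h in URL_HOST_RE.findall(text)]


def sender_domain(from_header: str) -> str:
    """Domain part of a From: value such as 'Name <user@host>'."""
    m = re.search(r"@([\w.\-]+)", from_header)
    return m.group(1).lower() if m else ""


def triage(email: dict) -> dict:
    """Score one email record; 'suspicious' is set on any indicator hit."""
    sender_hit = host_matches_ioc(sender_domain(email["from"]))
    url_hits = sorted({h for h in extract_hosts(email["body"]) if host_matches_ioc(h)})
    return {
        "subject": email["subject"],
        "sender_hit": sender_hit,
        "url_hits": url_hits,
        "suspicious": bool(sender_hit or url_hits),
    }


# Constructed sample records, not real messages.
SAMPLE_EMAILS = [
    {"subject": "Document confirmation",
     "from": "Secretary <notice@naverbox.pe.kr>",
     "body": "Review the document at http://login.cookiemanager.ne.kr/doc?id=17"},
    {"subject": "Payment due date notice",
     "from": "tax@mail.example",
     "body": "Confirm your payment here: http://185.27.134.201/confirm"},
    {"subject": "Team lunch",
     "from": "alice@example.com",
     "body": "Menu is at https://intranet.example.com/lunch"},
]


def run() -> list:
    """Triage every sample record and return the results in order."""
    return [triage(e) for e in SAMPLE_EMAILS]


if __name__ == "__main__":
    for result in run():
        print(result)
```

Subdomain matching matters here because the listed hosts are the registrable names the actors chose on free services; a lure will usually sit on a hostname beneath them. A record with a hit should be quarantined for analyst review rather than auto-deleted, since `evangelia[.]edu` is a compromised legitimate site and benign mail may reference it.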
Google has upgraded the Stable and Extended stable channels to 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows as part of a security update for Chrome.
This release comes with one “Critical” security patch. The upgrade will roll out over the following days and weeks.
Critical Vulnerability Addressed
The heap buffer overflow in WebP is a critical vulnerability tracked as CVE-2023-4863.
“Google is aware that an exploit for CVE-2023-4863 exists in the wild”, Google said in its security advisory.
The Citizen Lab at The University of Toronto’s Munk School and Apple Security Engineering and Architecture (SEAR) reported this on September 6th.
Google is still withholding further details about the attacks.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google explains.
In order to ensure the safety and security of our projects, we may need to maintain limitations if a bug is discovered in a third-party library that is also utilized by other projects. If this issue has not yet been resolved, it is critical that we continue to impose restrictions to prevent any potential harm or damage that may result from exploiting the vulnerability, Google said.
Chrome Security Update
“The Stable and Extended stable channels have been updated to 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows, which will roll out over the coming days/weeks”, Google said.
Chrome for Linux and MacOS: 116.0.5845.187
Chrome for Windows: 116.0.5845.187/.188
How to Update Google Chrome
On your computer, open Chrome.
At the top right, click More.
Click Help, then About Google Chrome.
Click Update Google Chrome. Important: if you can't find this button, you're already on the latest version.
Click Relaunch.
Install the update promptly to protect the browser and the system against this vulnerability.
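The manual steps above cover one machine; across a fleet, the useful check is whether the installed build is at or above the fixed version. The script below is an added example, not Google's tooling or code from the article: it parses a `--version` string into a comparable tuple, treats both Windows builds (.187 and .188) as patched because they are not lower than 116.0.5845.187, and, when run directly, asks the local Linux binary for its version. The command names `google-chrome` and `google-chrome-stable` are the ones Google's Linux package installs; the macOS application path is an assumption for illustration.

```python
"""Hypothetical fleet check for the Chrome fix quoted on the page.
Added example; not Google's code or the article's."""
import re
import subprocess
from typing import Optional, Tuple

# Lowest build that contains the fix, per the advisory text on the page.
FIXED_VERSION = "116.0.5845.187"


def parse_version(text: str) -> Tuple[int, ...]:
    """Pull a dotted version (3 or 4 numeric parts) out of arbitrary text."""
    m = re.search(r"(\d+(?:\.\d+){2,3})", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_patched(version_text: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build is at or above the fixed build.
    Tuple comparison handles a missing fourth component (shorter sorts lower)."""
    return parse_version(version_text) >= parse_version(fixed)


# Candidate binaries; the macOS path is an assumption made for this example.
CHROME_COMMANDS = (
    "google-chrome",
    "google-chrome-stable",
    "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
)


def installed_chrome_version() -> Optional[str]:
    """Return the first '--version' output found, or None if Chrome is absent."""
    for cmd in CHROME_COMMANDS:
        try:
            out = subprocess.run([cmd, "--version"], capture_output=True,
                                 text=True, timeout=5).stdout.strip()
        except (FileNotFoundError, PermissionError, subprocess.TimeoutExpired):
            continue
        if out:
            return out
    return None


if __name__ == "__main__":
    found = installed_chrome_version()
    if found is None:
        print("Chrome not found on this host")
    else:
        state = "patched" if is_patched(found) else "VULNERABLE, update now"
        print(f"{found}: {state} (fix in {FIXED_VERSION})")
```

On Windows the same comparison can be fed the version string from the registry or from the file properties of chrome.exe; the comparison logic does not change.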