Google's Threat Analysis Group has released a report outlining its ongoing efforts to counter the threat posed by APT43, a North Korean hacking group called ARCHIPELAGO by Google.
ARCHIPELAGO has been active since 2012. It targets individuals with extensive knowledge of North Korean policy issues such as sanctions, human rights, and non-proliferation, TechRadar reports.
These people are frequently government and military personnel, think tank members, policymakers, academics, and researchers, mainly from South Korea.
How ARCHIPELAGO Attacks
ARCHIPELAGO does not discriminate when it comes to selecting its targets. TAG states in the report that it targets both Google and non-Google accounts using a range of tactics, including phishing, to steal user credentials and install various forms of malware, such as info stealers, backdoors, and others.
The hackers impersonate individuals and organizations that the targets are familiar with, creating a false sense of trust and convincing targets to click on links or download attachments that contain malware.
Security Measures from Google
To combat ARCHIPELAGO, Google has implemented various measures, such as adding newly discovered malicious websites and domains to Safe Browsing, which sends alerts to targeted individuals.
Additionally, Google has invited these individuals to enroll in the Advanced Protection Program, designed to provide the highest level of security and protection to those who need it most.
ARCHIPELAGO has also experimented with hosting harmless-looking PDF files with links to malware on Google Drive, encoding malicious payloads in the filenames of files hosted on Drive, and building malicious Chrome extensions to steal login credentials and browser cookies.
In retaliation, Google has disrupted ARCHIPELAGO's use of Drive filenames to encode malware payloads and commands, forcing the group to discontinue this technique.
Read Also: Top Social Media Image Info That Can Put Your Family in Danger-IP Addresses, Travel Plans & MORE!
Google has also improved the security of the Chrome extension ecosystem by requiring threat actors to compromise the endpoint first and overwrite Chrome Preferences and Secure Preference to run malicious extensions.
Decade-Long Fight Against North Korean Threat Actors
Google's Threat Analysis Group (TAG) has been tracking government-backed hacking activity tied to North Korea for over a decade. Its research on serious threat actors like ARCHIPELAGO has helped improve the safety and security of Google's products.
ARCHIPELAGO invests considerable time and effort in building rapport with targets, corresponding with them by email over several days or weeks before finally sending a malicious link or file.
The group is also constantly shifting its phishing tactics and experimenting with new techniques that might be harder for users and common security controls to detect. Meanwhile, the team from Google is always on the lookout.
Reuters reported in early February that North Korea stole more cryptocurrency assets in 2022 than in any other year, targeting the networks of foreign aerospace and defense companies.
"(North Korea) used increasingly sophisticated cyber techniques to gain access to digital networks involved in cyber finance, as well as to steal information of potential value, including information related to its weapons programs," independent sanctions monitors reported to a United Nations Security Council committee.
Stay posted here at Tech Times.
Related Article: Western Digital Hack Update: My Cloud Data Remains Inaccessible; How Serious Is This Security Breach?