A new North Korea-backed hacking group is allegedly altering malware to attack the United States and other countries. Proofpoint, a security firm, is the first one to identify the malicious activities of the rising TA406 cybercriminal group.
"TA406 is associated with Kimsuky, a threat actor name broadly tracked by the threat intelligence community," said the security company.
The agency added that this cyberattacker is connected with other hackers, specifically TA406, TA408, and TA427. On the other hand, Proofpoint's latest security report also provided the differences between these rising hackers.
Right now, malware is being used in different ways to breach the systems of various government agencies and independent organizations.
North Korea-Backed Hackers Target US
According to Bleeping Computer's latest report, the new T406 malicious actor, which is believed to be a state-backed cyberattacker in North Korea, uses customized malware tools to target the United Kingdom, South Africa, India, France, and other countries, especially the U.S.
TA406 is believed to be involved in various malicious activities, such as intelligence collections, blockchain thefts, phishing campaigns, as well as malware distributions.
Proofpoint also explained this hacking group is working with other online criminals from 9:00 a.m. to 5:00 p.m. KST, from Monday to Friday. This means that they spend a lot of time attacking the mentioned countries.
How TA406 Works
Proofpoint explained that the new North Korean hackers are using two malicious implants and different varieties of credential collecting tools.
Aside from this, involved experts also discovered that the new T406 malicious actor is relying on both credential harvesting software and malware to conduct its financially motivated malicious campaigns.
In other news, NCSC's new cybersecurity report highlights the issues with the evolving ransomware attacks. On the other hand, around 4,400 phone numbers were compromised during the recent Robinhood database breach.
For more news updates about other security threats, always keep your tabs open here at TechTimes.
This article is owned by TechTimes
Written by: Griffin Davis