A new North Korea-backed hacking group is allegedly altering malware to attack the United States and other countries. Proofpoint, a security firm, is the first one to identify the malicious activities of the rising TA406 cybercriminal group.

North Korea-Backed Hackers Allegedly Modify Malware to Breach US, UK, and Other Countries
(Photo : Photo by Michael Bocchieri/Getty Images)
NEW YORK, NY - NOVEMBER 10: Network cables are plugged in a server room on November 10, 2014 in New York City. U.S. President Barack Obama called on the Federal Communications Commission to implement a strict policy of net neutrality and to oppose content providers in restricting bandwith to customers.

"TA406 is associated with Kimsuky, a threat actor name broadly tracked by the threat intelligence community," said the security company. 

The agency added that this cyberattacker is connected with other hackers, specifically TA406, TA408, and TA427. On the other hand, Proofpoint's latest security report also provided the differences between these rising hackers. 

Right now, malware is being used in different ways to breach the systems of various government agencies and independent organizations. 

North Korea-Backed Hackers Target US

According to Bleeping Computer's latest report, the new T406 malicious actor, which is believed to be a state-backed cyberattacker in North Korea, uses customized malware tools to target the United Kingdom, South Africa, India, France, and other countries, especially the U.S. 

North Korea-Backed Hackers Allegedly Modify Malware to Breach US, UK, and Other Countries

(Photo : Photo credit should read JACK GUEZ/AFP via Getty Images)
An engineer from the Israeli company "Commun.it" uses his expertise in social media commercial analysis to identify networks of fake users during at the group's office in the Israeli city of Bnei Brak near Tel Aviv on January 23, 2019. - A coalition of Israeli diplomats, programmers and hackers have joined forces to stave off threats -- including from hostile states -- by identifying networks on social media and getting them removed.

Also Read: DuckDuckGo Search Engine Aims to Provide Extra Anonymity Against Android Apps That Track Users

TA406 is believed to be involved in various malicious activities, such as intelligence collections, blockchain thefts, phishing campaigns, as well as malware distributions. 

Proofpoint also explained this hacking group is working with other online criminals from 9:00 a.m. to 5:00 p.m. KST, from Monday to Friday. This means that they spend a lot of time attacking the mentioned countries.  

How TA406 Works

Proofpoint explained that the new North Korean hackers are using two malicious implants and different varieties of credential collecting tools. 

Aside from this, involved experts also discovered that the new T406 malicious actor is relying on both credential harvesting software and malware to conduct its financially motivated malicious campaigns. 

In other news, NCSC's new cybersecurity report highlights the issues with the evolving ransomware attacks. On the other hand, around 4,400 phone numbers were compromised during the recent Robinhood database breach. 

For more news updates about other security threats, always keep your tabs open here at TechTimes.  

Related Article: US, UK Blame Iran for Microsoft, Fortinet Cyberattacks Targeting their Security Flaws

This article is owned by TechTimes

Written by: Griffin Davis

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion