A Cyberattack Against Russia Launched by North Korean Hackers

According to the U.S. information security experts report, as a result of the attack on the Russian Foreign Ministry and its employees by the APT37, the North Korean hacker group, the account of a government employee was compromised.

RELATED:
Russia Warns About Military-Political Situation in the World

Researches at U.S. cybersecurity companies Cluster25 and Black Lotus Labs, reports made by Moscow daily Kommersant demonstrated that a phishing campaign was targeted at the Ministry back in October. The researchers stated that some employees were sent documents and asked to provide vaccination details. In contrast, others were fed with links to malware disguised as software the Russian government uses to collect Covid vaccination statuses resulting in the compromise of one account.

On December 20, the hackers sent a phishing email to Russian Deputy Minister Sergey Ryabkov from the compromised address, also targeting the Russian Embassy in Indonesia.

The North Korean APT37 is well-known for using software called Konni, an administration tool. It is known that the tool has been used to target South Korea and political organizations in Japan, India, China, and other countries. Kommersant reports indicated the group has been operating since at least 2017.

This is not the first time North Korea has been blamed for attempted attacks on Russia. Last November, Kommersant reported another hacker group, the Kimsuky, sending emails written on behalf of well-known Russian experts, scientists, and NGOs.

The Russian security services arrested a group of hackers last week following information provided by U.S. authorities. People were detained in Moscow, St. Petersburg, and Lipetsk Region for the Federal Security Service (FSB). The hackers were allegedly members of REvil, a ransomware group known for receiving millions in ransom payments.