The North Korean hacker group APT37 attacked the Russian Foreign Ministry and its employees in late 2021 and subsequently compromised the account of a government employee, US information security experts have reported.
According to researchers at US cybersecurity companies Cluster25 and Black Lotus Labs, and later reported by Moscow daily Kommersant, a phishing campaign was targeted at the Ministry back in October. The researchers claim that some employees were sent archives of documents and asked to provide vaccination details, while others were fed with links to malware disguised as software the Russian government uses to collect Covid vaccination statuses. As a result, one account was compromised.
From the compromised address, hackers managed to send a phishing email to Russian Deputy Minister Sergey Ryabkov on December 20 and also targeted the Russian Embassy in Indonesia.
APT37 is well-known for using software called Konni, a remote administration tool. It has been reportedly used to target South Korea, as well as political organizations in Japan, India, and China, among other countries. According to Kommersant, the group has been around since at least 2017.
Donald Trump is eyeing plans to push the NATO members to ramp up defense spending…
Former US President Donald Trump paid the $9,000 fine for violating a gag order imposed…
Russian forces are steadily advancing in the Ukraine conflict, the US Director of National Intelligence,…
An out-of-control ice cream truck rolled down a slope and crashed into a group of…
He was a staunch supporter of the anti-Bolshevik White Movement during the Russian Civil War…
Ukraine needs to defeat Russia on the battlefield in order to be admitted to NATO,…