North Korean cyber espionage activities have intensified in Brazil, with threat actors targeting government and financial sectors since 2020. A report from Google’s Mandiant and Threat Analysis Group (TAG) reveals that North Korean-backed groups, particularly UNC4899, are using social engineering tactics to distribute malware-laced Python apps to cryptocurrency professionals. These attacks involve benign PDFs containing job descriptions, followed by harmless questionnaires that lead victims to download trojanized apps from GitHub.
The tactics employed by UNC4899 mirror those of other North Korean hacking groups, indicating a coordinated effort towards cyber espionage. Notably, similar job-themed social engineering campaigns have been observed in past attacks, illustrating a persistent strategy employed by North Korean actors. Additionally, Google’s report highlights the involvement of another North Korean group, PAEKTUSAN, in phishing campaigns targeting Brazilian aerospace firms using fake recruiter personas.
Moreover, the report sheds light on the activities of Moonstone Sleet, a previously undocumented North Korean threat actor, which targets individuals and organizations in software, education, and defense sectors. Moonstone Sleet employs deceptive tactics, distributing malware through counterfeit npm packages on open-source repositories. This expansion of tactics underscores the evolving nature of North Korean cyber operations and the need for heightened cybersecurity measures globally.