Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

North Korean Hackers Target US and SK

April 6, 2023
Reading Time: 2 mins read
in Alerts

 

 

North Korean hackers, backed by the country’s government, have been linked to attacks on government and military personnel, think tanks, policy makers, academics, and researchers in South Korea and the U.S.

The group, tracked by Google’s Threat Analysis Group under the name ARCHIPELAGO, is a subset of another group known as APT43. Google has been monitoring the hackers since 2012 and observed that they target individuals with expertise in North Korean policy issues.

ARCHIPELAGO uses phishing emails containing malicious links to redirect victims to fake login pages designed to steal their credentials.

ARCHIPELAGO invests time and effort to build a rapport with targets before sending a malicious link or file. They also use the browser-in-the-browser (BitB) technique to render rogue login pages inside an actual window to steal credentials.

The phishing messages have posed as Google account security alerts to activate the infection, and the group has hosted malware payloads on Google Drive in the form of blank files or ISO optical disc images. ARCHIPELAGO also uses fraudulent Google Chrome extensions to harvest sensitive data, as seen in prior campaigns known as Stolen Pencil and SharpTongue.

The priorities of APT43 and ARCHIPELAGO align with North Korea’s Reconnaissance General Bureau (RGB), the country’s primary foreign intelligence service. This suggests that the group overlaps with a group widely known as Kimsuky.

AhnLab Security Emergency Response Center has detailed Kimsuky’s use of Alternate Data Stream (ADS) and weaponized Microsoft Word files to deliver info-stealer malware.

The development highlights the continued threat posed by North Korean-backed hackers and the importance of remaining vigilant against their attacks.

 

Reference:
  • How we’re protecting users from government-backed attacks from North Korea

Tags: April 2023ARCHIPELAGOCyber AlertCyber Alerts 2023GovernmentNorth KoreanSouth KoreaUnited States
ADVERTISEMENT

Related Posts

Apple Backports Fix For Exploited Bug

Apple Backports Fix For Exploited Bug

September 18, 2025
Apple Backports Fix For Exploited Bug

FileFix Uses Steganography To Drop StealC

September 18, 2025
Apple Backports Fix For Exploited Bug

Google Removes 224 Android Malware Apps

September 18, 2025
DHS Data Hub Leaked Sensitive Intel

ChatGPT Calendar Flaw Lets Email Theft

September 17, 2025
DHS Data Hub Leaked Sensitive Intel

Windows Update Breaks SMBv1 Shares

September 17, 2025
DHS Data Hub Leaked Sensitive Intel

Scattered Spider Returns Despite Exit

September 17, 2025

Latest Alerts

FileFix Uses Steganography To Drop StealC

Apple Backports Fix For Exploited Bug

Google Removes 224 Android Malware Apps

ChatGPT Calendar Flaw Lets Email Theft

Windows Update Breaks SMBv1 Shares

Scattered Spider Returns Despite Exit

Subscribe to our newsletter

    Latest Incidents

    AI Forged Military IDs Used In Phishing

    Insight Partners Warns After Data Breach

    ShinyHunters Claims Salesforce Data Theft

    DHS Data Hub Leaked Sensitive Intel

    Worm Infects 180 npm Packages

    Jaguar Land Rover Delays Restart After Cyberattack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial