North Korean malware group breaching Gmail accounts? Here's what Google replied
According to the US Cybersecurity & Infrastructure Security Agency, Kimsuky is a North Korean group that uses spearphishing to target users in the United States, Europe and South Korea.
A US-based cyber security firm has warned of a malware attack, allegedly originating from North Korea, that steals data from a victim's mail account without having to steal or bypass login credentials. According to Volexity, the Washington DC-based cyber security firm, the North Korean threat actor known as 'SharpTongue' or Kimsuky deploys a malicious browser extension called 'SHARPEXT' for Google Chrome or Microsoft Edge. Several media outlets, including Forbes, have quoted Volexity's report, which says the malware directly inspects and exfiltrates data from a victim's webmail account as they browse it. "It supports three web browsers and theft of mail from both Gmail and AOL webmail," the cyber security firm claimed.
"The first versions of the malicious extension encountered by Volexity only supported Gmail accounts. The latest version supports both Gmail and AOL mail accounts," the report added. Hindustan Times reached out to Google about this malicious extension, which has reportedly targeted users in the United States, Europe and South Korea who work on North Korea's nuclear programme, weapons issues and other strategic issues.
"The extension in question is not in the Chrome store, and this report does not identify an exploit in Gmail. It speaks to a scenario where a system needs to already be compromised, by spear phishing or social engineering, in order for the malicious extension to be deployed," a representative from Google stated.
"Enabling anti-malware services and using security hardened operating systems like ChromeOS are best practices to prevent this and similar types of attacks," the company added. The United States Cybersecurity and Infrastructure Security Agency (CISA) has described Kimsuky, a North Korean Advanced Persistent Threat (APT) group, in a report. It says the group has most likely been operating since 2012, tasked by the North Korean regime with a global intelligence-gathering mission, and most likely uses spearphishing to gain initial access to victim hosts or networks.
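The two points above, an extension that reads webmail from inside the browser session and one that was never installed from the Chrome store, are both visible in an extension's manifest. The following script is an added example (not from the article, Volexity or Google) that scans Chrome extension manifests and flags any that can run on Gmail or AOL Mail pages and lack a Web Store `update_url`; the sample manifests and the heuristic itself are constructed assumptions, and the profile path is whatever the reader passes in.

```python
"""Defender-side audit: which installed Chrome extensions can read webmail pages?
Assumed heuristic: webmail host access plus no update_url (sideloaded) = review it."""
import json
import re
from pathlib import Path

WEBMAIL_HOSTS = ("mail.google.com", "mail.aol.com")

def _pattern_covers(pattern: str, host: str) -> bool:
    """True if a Chrome match pattern (e.g. '*://*.google.com/*') covers host."""
    if pattern == "<all_urls>":
        return True
    m = re.match(r"^(\*|https?|file|ftp)://([^/]+)(/.*)?$", pattern)
    if not m:                      # 'tabs', 'storage' etc. are API permissions, not hosts
        return False
    host_pat = m.group(2)
    if host_pat == "*":
        return True
    if host_pat.startswith("*."):  # wildcard subdomain also matches the bare domain
        suffix = host_pat[2:]
        return host == suffix or host.endswith("." + suffix)
    return host == host_pat

def extension_risk(manifest: dict) -> dict:
    """Summarise a manifest; 'flag' is True when it can run on a webmail host."""
    patterns = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
    for cs in manifest.get("content_scripts", []):   # MV2 and MV3 both use content_scripts
        patterns += cs.get("matches", [])
    hosts = sorted({h for h in WEBMAIL_HOSTS for p in patterns if _pattern_covers(p, h)})
    return {"name": manifest.get("name", "?"), "webmail_hosts": hosts,
            "sideloaded": "update_url" not in manifest, "flag": bool(hosts)}

def audit_profile(profile_dir: str) -> list:
    """Scan <profile>/Extensions/<id>/<version>/manifest.json of a Chrome user profile."""
    return [extension_risk(json.loads(mf.read_text(encoding="utf-8")))
            for mf in Path(profile_dir).glob("Extensions/*/*/manifest.json")]

# Constructed sample manifests (not real extensions) to exercise the check offline.
SAMPLES = [
    {"name": "Store extension", "manifest_version": 3,
     "update_url": "https://clients2.google.com/service/update2/crx",
     "host_permissions": ["https://example.org/*"]},
    {"name": "Sideloaded mail reader", "manifest_version": 2,
     "permissions": ["tabs", "storage"],
     "content_scripts": [{"matches": ["*://mail.google.com/*", "*://*.aol.com/*"],
                          "js": ["content.js"]}]},
]

if __name__ == "__main__":
    for r in map(extension_risk, SAMPLES):
        print(r)
```

Run `audit_profile()` against a real profile directory to list every extension that can read webmail; a flagged entry that is also sideloaded is the case Google's statement describes.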
Kimsuky carries out intelligence collection on foreign policy and national security issues related to the Korean peninsula.