Published on July 2, 2024, 11:58 am

Title: “North Korean State-Sponsored Hackers Exploit Google Chrome Extensions In Targeted Cyber Campaign”

North Korean state-sponsored threat actors have once again been observed using malicious Google Chrome extensions to target individuals in South Korea. Cybersecurity researchers from Zscaler ThreatLabz discovered a new campaign in which the group known as Kimsuky (also called Velvet Chollima, and linked to the North Korean government) added malware named TRANSLATEXT to their GitHub repository on March 7.

The malware was disguised as a Google Translate extension for the browser but functioned as an infostealer capable of evading security measures and extracting sensitive data from the affected device. TRANSLATEXT was specifically designed to collect email addresses, usernames, passwords, and cookies, and to take screenshots of the browser.

Zscaler identified the victims as primarily being within the education sector in South Korea. The researchers speculated that academic professionals focusing on the Korean peninsula and geopolitical issues involving North Korea were likely the main targets of this cyber campaign. Evidence supporting this included a Word document distributed alongside the malware titled “Review of a Monograph on Korean Military History.”

Although the specific method of delivering the malware remains unknown, it is suspected that Kimsuky might be distributing it through email. The highly targeted nature of the attack suggests that Kimsuky had precise knowledge about whose data they intended to access.
