• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » News » US Defense Contractors Targeted by North Korean Cyber Attacks

US Defense Contractors Targeted by North Korean Cyber Attacks

2020-07-30 by Michelle Dvorak

Defense Contractors North Korean Cyber Attacks

Phishing Attacks Targets U.S. Aerospace & Defense Contractors

North Korean threat actors targeted U.S. defense and aerospace contractors with a massive email phishing campaign.  The messages sent false job postings from several well-known defense contractors. The targets were phished in an attempt to compromise devices with malware and to steal military and defense tech intelligence.

The North Korean threat actors, posing as job recruiters, sent phishing emails and social media messages with false job offers. They used legitimate job openings from three well-known defense contractors, says a report from cyber security researchers at McAfee Advanced Threat Research (ATR).

The attacks persisted from 31 March and 18 May 2020 and were sent to an undetermined number of targets.

The targets were sent malicious documents as lures and with a goal of installing data gathering DLL implants on the victims’ machines. Several types of implants were used in the attacks.

What is Hidden Cobra?

Hidden Cobra is a term for state-sponsored advanced persistent threat groups that work for the Democratic People’s Republic of Korea (DPRK, also known as North Korea). Hidden Cobra consists of threat actors like Advanced Persistent Threat Group 37, APT 37, Lazarus Group, APT 38, KONNI, DarkHotel, Kimsuky, and Andariel.

North Korean Cyber Attacks

Just this month, Lazarus Group was implicated in a series of MageCart attacks on major retailers in Europe and the United States. The malware attacks steal money to fund other activities.

In February, the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued an alert after threat actors compromised a gas compression facility using a spear phishing attack. The North Korean attackers successfully compromised the company’s IT network.

CISA issued alert in March, along with the U.S. Departments of State, the US Treasury, and the Federal Bureau of Investigation (FBI). The US government is offering a $5 million USD reward for information on North Korean threat activity – past or present.

In May of this year, CISA, the FBI, and the Department of Defense (DoD) jointly issued an update on North Korean malware activity – specifically TAINTEDSCRIBE and PEBBLEDASH trojans and COPPERHEDGE Rat malware.

How do I defend against phishing emails?

The objective of this campaign was to gather intelligence about specific US defense programs and technology. The threat actors sent legitimate job postings from three defense and aerospace organizations to lure an unknown number of targets into downloading malicious documents. If the victim downloaded the weaponized document, then malware compromised their computer.

According to McAfee, their technology currently protects against this phishing threat.

Filed Under: News Tagged With: North Korea

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version