• Google is on a crusade against cybersecurity threats from North K

    From TechnologyDaily@1337:1/100 to All on Thu Apr 6 16:15:03 2023
    Google is on a crusade against cybersecurity threats from North Korea

    Date:
    Thu, 06 Apr 2023 15:01:50 +0000

    Description:
    Here are all the ways Google tackles APT43, a known threat actor from North Korea.

    FULL STORY ======================================================================

    Google's Threat Analysis Group (TAG) has published a report on a North Korean threat actor called APT43, detailing its targets and techniques as well as the efforts it put into cracking down on this hacking collective.

    In the report, TAG refers to APT43 as ARCHIPELAGO. The group has been active since 2012, targeting individuals with expertise in North Korean policy issues such as sanctions, human rights, and non-proliferation, it was said.

    These individuals could be government and military staff, members of various think tanks, policymakers, academics, and researchers. Most of the time they're of South Korean nationality, but not exclusively.

    Notifying the victims

    ARCHIPELAGO would target these people's Google and non-Google accounts alike. They deploy different tactics, all with the goal of stealing user credentials and installing infostealers, backdoors, or other malware onto target endpoints.

    Most of the time, they'd try phishing. Sometimes, the email back-and-forth could go on for days, as the threat actor impersonates a familiar individual or organization and establishes enough trust to be able to successfully deliver malware via email attachments.

    Google said it combats this by adding newly discovered malicious websites and domains to Safe Browsing, sending people alerts to let them know they were being targeted, and inviting them to enroll in Google's Advanced Protection Program.

    The hackers would also try to host benign PDF files with links to malware on Google Drive, expecting that this would help them evade detection by antivirus programs. They would also encode malicious payloads in the filenames of files hosted on Drive, while the files themselves were blank.

    Google took action to disrupt ARCHIPELAGO's use of Drive file names to encode malware payloads and commands. The group has since discontinued their use of this technique on Drive, Google said.

    Finally, they were building malicious Chrome extensions that allowed them to steal login credentials and browser cookies. This prompted Google to improve security in the Chrome extension ecosystem, with the result that threat actors now need to compromise the endpoint first and overwrite Chrome Preferences and Secure Preferences to get the malicious extensions to run.



    ======================================================================
    Link to news story: https://www.techradar.com/news/google-says-it-is-cracking-down-on-cybersecurity-threats-from-north-korea


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)