Cybersecurity firm Volexity claims that North Korean hackers are breaking into email accounts with the aid of browser extensions that are packed with malicious content yet still run on Chromium-based browsers. The tools are capable of spying on the content of emails in Gmail and AOL accounts.
understand the situation
Volexity attributes the intrusions to an activity cluster it calls SharpTongue. According to the company, this cluster overlaps with the collective publicly known as Kimsuky.
It is not the first time SharpTongue has attacked. Researchers Paul Rascagneres and Thomas Lancaster report that the cluster tends to target the devices of individuals and major organizations in the United States, Europe and South Korea.
The goal is to obtain strategic information on nuclear issues, armaments and other topics North Korea considers essential to know about, even if that knowledge has to be obtained illegally.
Malware hits different browsers
Hackers acting in North Korea's interest use the Sharpext extension to gain unauthorized access to email and data held on victims' computers.
The malware slips in and extracts victims' email data while they are using their computer. Besides Google Chrome, Microsoft Edge and Naver's Whale browser were also hit.
The attackers first compromise the victim's computer and then install the malware as a malicious browser extension; this second step is carried out with the help of the DevTools panel, Chrome's built-in tool for developers.
While the malware steals the victims' email data, it also hides the browser's warnings about extensions running in developer mode, which is why detecting the intrusion is so difficult.
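A defender-side check for the installation method described above, added here as an example and not part of the original article or of Volexity's research: it parses a Chrome-style Preferences JSON document and flags extensions that were not installed through the Web Store (the developer-mode route the attackers rely on), listing which webmail hosts each of them can read. The ManifestLocation codes and the Preferences layout are assumptions about Chromium's on-disk format, and the sample data is constructed.

```python
import json
# Chromium's ManifestLocation enum values (an assumption here; verify against the
# browser build you examine): 4 = unpacked extension loaded in developer mode,
# 8 = extension loaded with --load-extension on the command line.
DEVELOPER_LOCATIONS = {4, 8}
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
# Webmail hosts named in the article; a sideloaded extension that can read
# them is what a responder should look at first.
WEBMAIL_HOSTS = ("mail.google.com", "mail.aol.com")

def find_sideloaded_extensions(prefs: dict) -> list[dict]:
    """Return every extension in a Preferences / Secure Preferences document
    that did not come from the Chrome Web Store, with the webmail hosts it can read."""
    findings = []
    for ext_id, entry in prefs.get("extensions", {}).get("settings", {}).items():
        manifest = entry.get("manifest", {})
        update_url = entry.get("update_url") or manifest.get("update_url", "")
        if entry.get("location") not in DEVELOPER_LOCATIONS and update_url == WEBSTORE_UPDATE_URL:
            continue  # installed and updated through the store: out of scope
        # Host access: MV2 "permissions" mixes API names and URL patterns,
        # MV3 uses "host_permissions"; content scripts add their "matches".
        patterns = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
        for script in manifest.get("content_scripts", []):
            patterns.extend(script.get("matches", []))
        webmail = sorted({h for h in WEBMAIL_HOSTS for p in patterns if h in p or p == "<all_urls>"})
        findings.append({"id": ext_id, "name": manifest.get("name", "?"),
                         "location": entry.get("location"), "path": entry.get("path", ""),
                         "webmail_hosts": webmail})
    return findings

def scan_preferences_file(path: str) -> list[dict]:
    """Parse a profile's Preferences (or Secure Preferences) file and scan it."""
    with open(path, encoding="utf-8") as fh:
        return find_sideloaded_extensions(json.load(fh))

# Constructed sample in the shape of Chrome's preferences file; IDs, names and
# paths are placeholders, not indicators from the real campaign.
SAMPLE_PREFS = {"extensions": {"settings": {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"location": 1, "path": "aaaa/1.0_0",
        "update_url": WEBSTORE_UPDATE_URL,
        "manifest": {"name": "Store Extension", "permissions": ["storage"]}},
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"location": 4,
        "path": "C:\\Users\\victim\\AppData\\Local\\Temp\\ext",
        "manifest": {"name": "Unpacked Sample", "permissions": ["tabs"],
                     "content_scripts": [{"matches": ["https://mail.google.com/*",
                                                      "https://mail.aol.com/*"]}]}}}}}

if __name__ == "__main__":
    for finding in find_sideloaded_extensions(SAMPLE_PREFS):
        print(finding)
```

On a real profile, point scan_preferences_file at the profile's Preferences (or, on Windows, Secure Preferences) file; an absolute path in the result is itself a sign the extension was loaded unpacked rather than from the store.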
Investigations point to a group of North Korean hackers known as APT37, but there is also evidence implicating Russian-aligned hackers in the attack, because Russian infrastructure was used in the intrusion. That group is known as APT28, Fancy Bear or Sofacy.