Hello Security Researchers, our independent Vulnerability Laboratory team would like to inform the public security research community and whitehats about an incident in which the North Korean APT is targeting security researchers.
As of today, a new campaign has been started by the North Korean APT, in connection with some Indian affiliates. The campaign targets only security researchers on social media. In most cases the researcher receives a contact request followed by a private message, or the message is sent directly, and repeatedly, to the pages the researcher manages.
The message contains the following text:
------------------------
--- English Version
I am a criminal data collection company representing Chinese law enforcement agencies. These fraudulent sites are deceiving many people in China. I need to bring the data to China to sue the site owner. Chinese law enforcement agencies have no law enforcement powers where the servers of this website are located. Therefore, we can only turn to foreign hackers for help at a high cost.
Crack the database management authority of the website and download all the data in the database for me. You will receive the payment in USDT after I have received the data verification.
--- German Version (translated from the German original)
I am a criminal data collection company that represents Chinese law enforcement agencies. These fraudulent pages deceive many people in China. I must bring the data to China in order to sue the website owner. Chinese law enforcement agencies have no law enforcement powers where the servers of this website are located. Therefore we can only turn to foreign hackers, at high cost, to obtain help.
Crack the database administration authority of the website and download all the data in the database for me. You will receive the payment in USDT after I have received the data verification.
------------------------
1: 30,000 USDT
https://gec.green-entrepreneurship.cc/login_zh.html?0.8208984571383173
username: 15289618853
password: qq308830
2: 30,000 USDT
https://www.cegdex.com/downloadMobile.html
username: asdfhuhu
password: asdfhuhu
transaction password: 852369
Phone number: +12098746325
SMS verification code platform: https://mianfeijiema.com/sms/12098746325
3: 40,000 USDT
http://ahcprotect.com
username: DD3645450
password: 333333
http://www.ahcgoods.com
username: DD1357619
password: 333333
4: 200,000 USDT
https://www.youlucky.biz/
------------------------
After that text, the APT lists in the message all the targets it wants to infiltrate or heist. The main target is the Olympia service of one provider. The secondary targets are financially motivated and tied to an SMS verification bypass: for one of them the message supplies account credentials, a phone number and an online SMS code receiving platform for that number. This is mainly used to heist cryptocurrency or financial platforms.
The impact of the campaign does not yet reveal what the real targets are, because this is a high-level espionage tactic. The APT sought out professional hackers and researchers with a high reputation on social media. We see three possible readings:
1. The attackers want to compromise the researcher through extortion or identity compromise.
2. The attackers want the hacker and researcher community to attack the listed targets as a service, without any real purpose for the researcher: they inform you only so that you drive up traffic against the targets or help hide their own traces.
3. They genuinely want this service, in order to obtain the Olympia service data or to get into financial services to which they have already gained access, where they still need to bypass a specific mechanism such as SMS verification.
The motivation and the impact of the attack are not yet clearly visible. We would like to inform everybody about it via the mailing list so that the community is aware of the North Korean APT's activity.
Risks that come along with the attack:
- Phishing (Links, Sites & Emails)
- Downgrade Attacks (Redirect & SSL Downgrade)
- Malware Infection (2021 Q1 .NET DLL Malware)
- Identity Compromise (2021 Security Researchers)
- Exploit Development (2021 Chrome Scenario)
- Attacks against 3rd Party Services (Chain Exploitation)

Pictures:
https://ibb.co/1ffY1vb
https://ibb.co/9cmhD3z
https://ibb.co/3YVmMXX
https://ibb.co/m6s4R2G
https://ibb.co/XJSsWDG
https://ibb.co/JcDTDZ7

--
VULNERABILITY LABORATORY (VULNERABILITY LAB)
RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE
Attachment: OpenPGP_signature (OpenPGP digital signature)
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/