Malware, Network Security, Threat Intelligence

Malware deployed by North Korean hackers via VPN update exploit

Share
Computer keyboard, close-up button of the flag of North Korea.

BleepingComputer reports that North Korean advanced persistent threat operations Kimsuky, also known as APT43, and Andariel, also known as APT45, were noted by South Korea's National Cyber Security Center to have exploited VPN software update vulnerabilities to facilitate network compromise and malware attacks that sought to exfiltrate South Korean trade secrets.

Such exploitation was evident in a January attack by Kimsuky against a South Korean construction trade entity's website that lured employees into installing trojanized security software with a valid digital certificate, which when executed launched malware that not only stole browser-stored data but also took screenshots. Construction firms, local governments, and public organizations across South Korea were impacted by the campaign, which was reported by the AhnLab Security Intelligence Center. On the other hand, Andariel used a VPN software communication protocol flaw to disseminate the DoraRAT malware in attacks against machinery and construction firms in April. "The Information Community attributes these hacking activities to the Kimsuky and Andariel hacking organizations under the North Korean Reconnaissance General Bureau, noting the unprecedented nature of both organizations targeting the same sector simultaneously for specific policy objectives," said the NCSC.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.