North Korean Hackers Are Attacking Gmail Accounts, According To a Cybersecurity Firm

North Korean hackers are now bypassing Google's email security safeguards and can read and download emails and attachments while remaining undetected by Google, as first reported by Futurism.

According to a blog post by cybersecurity company Volexity, the attacks are called "SharpTongue". They are allegedly targeting people in the US, Europe, and South Korea with complex attacks that might set a startling precedent. They are purportedly using simple browser extensions to collect mail data directly.


Spear Phishing

Futurism said that this is called "spear phishing," a technique frequently employed in targeted attack campaigns to access a person's account or pose as that person.

While earlier versions of these attacks required unknowing users to download malicious browser extensions willingly, the malware used in these attacks can now download itself onto target machines without the victims' knowledge.

What is even more concerning is that these browsers, which were made by Microsoft and Google, are unable to recognize when malicious users have compromised them.

Volexity reports that the malware has also been continually developed since its discovery and is currently in its third version.

The firm also said that current SharpTongue attacks exclusively affect Windows users. However, Volexity President Steven Adair issued a warning that there is no reason why users of macOS or Linux should not be wary.

Upholding North Korea's Interests

Additionally, SharpTongue is reportedly attacking certain individuals to uphold North Korea's interests.

"Volexity frequently observes SharpTongue targeting and victimizing individuals working for organizations in the United States, Europe and South Korea who work on topics involving North Korea, nuclear issues, weapons systems, and other matters of strategic interest to North Korea," the firm wrote in a blog post.

In sum, these attacks may be largely political and could likely affect those with sensitive data about the government of North Korea.

Volexity added, "within the last year, Volexity has responded to multiple incidents involving SharpTongue and, in most cases, has discovered a malicious Google Chrome or Microsoft Edge extension Volexity calls SHARPEXT."

Attacking The Crypto Industry

North Korean hackers have also become common in the crypto industry. They have recently falsified job applications on LinkedIn and Indeed to obtain information about crypto trends.

According to cybersecurity firm Mandiant, they have been acquiring a large swath of internal data on Ethereum and NFT protocols.

The U.S. Treasury even claimed that North Korea has been investing in cryptocurrency heists in the past few years, making it a significant hacking threat responsible for one of the greatest crypto thefts ever reported, in March.

The Treasury said about $615 million was stolen in the crypto heist.

This article is owned by Tech Times

Written by Joaquin Victor Tacla

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.