lazarusholic

Everyday is lazarus.dayβ

Countering threats from North Korea

2022-03-24, Google
https://blog.google/threat-analysis-group/countering-threats-north-korea/
#DreamJob #AppleJeus #CVE-2022-0609

Countering threats from North Korea
On February 10, Threat Analysis Group discovered two distinct North Korean government-backed attacker groups exploiting a remote code execution vulnerability in Chrome, CVE-2022-0609. These groups' activity has been publicly tracked as Operation Dream Job and Operation AppleJeus.
We observed the campaigns targeting U.S.-based organizations spanning the news media, IT, cryptocurrency and fintech industries. However, other organizations and countries may have been targeted. One of the campaigns has direct infrastructure overlap with a campaign targeting security researchers which we reported on last year. The exploit was patched on February 14, 2022. The earliest evidence we have of this exploit kit being actively deployed is January 4, 2022.
We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit, but each operates with a different mission set and deploys different techniques. It is possible that other North Korean …

IoC
