The files were disguised as press releases and contained information about holidays and other events.
According to cybersecurity firm AhnLab, North Korean hackers attempted to distribute malware through bogus press releases. The hackers used the infected documents to gain access to the reader’s computer and steal data such as basic system information, the operating system, CPU specifications, and the names of previously opened Word files. The files were disguised as phony news releases, according to the cybersecurity firm, and contained information such as a calendar of public holidays, among other things.
The press releases were allegedly sent out as executable scripts disguised as text files in spear-phishing emails. When the link was opened, it downloaded an infected Word and Hangul Word Processor file as well as a succession of malicious programs. Seongsu Park, a senior researcher at cybersecurity firm Kaspersky, told NK News that the procedure took a long time. As a result, “understanding the complete infection chain and preparing an effective defense plan” was “very critical,” he added.
This is not the first attack by North Korean hackers. Recently, North Korean hackers stole a large amount of cryptocurrency from the Ronin Bridge.
Elliptic and Chainalysis researchers stated on Thursday, 21 April 2022, that they had traced the enormous amount of cryptocurrency stolen from the Ronin network bridge last month to the North Korean Lazarus hacking group. In addition, the US Treasury announced further restrictions against North Korea, Lazarus, and its affiliates. At the time, the attackers took $540 million worth of ether, the Ethereum currency, and some USDC stablecoin. (The stolen funds have now increased in value to almost $600 million.) For years, Lazarus hackers have been on a cybercriminal spree, infiltrating organizations, conducting schemes, and collecting cash to help fund the Hermit Kingdom.
Source:
https://www.wired.com/story/ronin-hack-lazarus-tmobile-breach-data-malware-telegram/