Subj : Google is on a crusade against cybersecurity threats from North K
To : All
From : TechnologyDaily
Date : Thu Apr 06 2023 16:15:03

Google is on a crusade against cybersecurity threats from North Korea

Date: Thu, 06 Apr 2023 15:01:50 +0000
Description: Here are all the ways Google tackles APT43, a known threat actor from North Korea.

FULL STORY
======================================================================

Google's Threat Analysis Group (TAG) has published a report detailing its efforts to combat a North Korean threat actor called APT43, its targets, and techniques, as well as explaining the efforts it put into cracking down on this hacking collective.

In the report, TAG refers to APT43 as ARCHIPELAGO. The group has been active since 2012, targeting individuals with expertise in North Korean policy issues such as sanctions, human rights, and non-proliferation issues, it was said. These individuals could be government and military staff, members of various think tanks, policymakers, academics, and researchers. Most of the time they're of South Korean nationality, but it's not exclusive.

Notifying the victims

ARCHIPELAGO would target these people's both Google and non-Google accounts. They deploy different tactics, all with the goal of stealing user credentials and installing infostealers, backdoors, or other malware, onto target endpoints.

Most of the time, they'd try phishing. Sometimes, the email back-and-forth could go on for days, as the threat actor impersonates a familiar individual or organization and establishes enough trust to be able to successfully deliver malware via email attachments.

Google said it combats this by adding newly discovered malicious websites and domains to Safe Browsing, sending people alerts to let them know they were being targeted, and inviting them to enroll in Google's Advanced Protection Program.

Hackers would also try and host benign PDF files with links to malware on Google Drive, thinking that that way they might be able to evade detection by antivirus programs. They would also encode malicious payloads in the filenames of files hosted on Drive, while the files themselves were blank.

"Google took action to disrupt ARCHIPELAGO's use of Drive file names to encode malware payloads and commands. The group has since discontinued their use of this technique on Drive," Google said.

Finally, they were building malicious Chrome extensions which allowed them to steal login credentials and browser cookies. This prompted Google to improve the security in the Chrome extension ecosystem, which resulted in threat actors now needing to first compromise the endpoint and overwrite Chrome Preferences and Secure Preferences to get the malicious extensions to run.

======================================================================
Link to news story:
https://www.techradar.com/news/google-says-it-is-cracking-down-on-cybersecurity-threats-from-north-korea

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)