As per recent findings from Mandiant, companies operating in the energy and aerospace sectors are being targeted by a cyber-espionage campaign that has connections with North Korea.
The outfit behind the campaign, dubbed UNC2970, is most likely linked to North Korea and shares similarities with another Pyongyang-backed threat actor, TEMP.Hermit.
Researchers at the Google-owned cybersecurity firm discovered UNC2970’s latest campaign in June 2024 and published their findings on Tuesday.
The group was initially identified in 2021, and it has since targeted victims in the United States, United Kingdom, the Netherlands, Cyprus, Sweden, Germany, Singapore, Hong Kong, and Australia.
According to the research, UNC2970 hackers engage with their victims via email and WhatsApp, posing as recruiters for well-known companies. They eventually share a malware archive that claims to have a job description in PDF format.
The PDF file can only be read with a trojanized version of Sumatra
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: