Ever since the denuclearization discussions between Trump and Kim stalled, U.S. Cyber Command has been publicly exposing North Korean hacker groups for their attempts to interrupt systems.
Research from Maryland-based cybersecurity agency Prevailion suggests that hacking groups with links to North Korea are trying to implant malware on users’ systems via a rare file format. With mild confidence, it proposes the names Kimsuky or Smoke Screen as the group behind the threat.
Per the Prevailion researchers, hackers have been sending infected documents to targets who have been part of negotiations related to the denuclearization agreement between the two nations, North Korea’s nuclear submarine program, and economic sanctions on the North Korean government.
The hacker groups would embed FPX files in Microsoft Word documents sent to targets, and then launch malware through macros.
FPX files are much less likely to be detected than straightforward Visual Basic for Applications (VBA) files.
Microsoft Office document macros have long been a prime method for hackers to compromise target systems. The group’s practice of hiding malware in a .fpx file attached to Microsoft documents, however, began around July this year.
The Kimsuky group has previously breached South Korean think tanks and defense specialists, and U.S.-based specialists are on its radar in the newest campaign, stated Adamitis.
A few days after U.S. Cyber Command named a group linked with the North Korean government, the campaign pushed a brand new round of trojanized documents, Adamitis said.
The motives behind the breach remain unclear; however, the groups were earlier involved in cyberattacks to fund Pyongyang’s weapons plans.