North Korean Hacking Group Targets Diplomats, Forgoes Malware
A North Korean cyber-operations group has focused on targeting diplomats and regional experts in its cyber-espionage campaigns. It uses captured credentials to sustain phishing attacks and rarely uses malware against its targets. The group was found to mainly target individuals in the United States, Russia and China. The attackers quietly harvest credentials, gain access to information and turn compromises into financial gain. The hacking group is called Threat Actor 406 (TA406).
The group attempted to compromise law enforcement makers, experts in economics and finance, and high-level officials in weekly attacks. In prior years, the group had been carrying out lower-level attacks. Prior to 2021, North Korean groups had also not used national security issues as a lure. TA406 is known to target the same groups or individuals repeatedly for financial gain. North Korean groups have focused on espionage campaigns and on targeting organizations for financial gain, commonly targeting cryptocurrency.