Tracked under the codename of “Operation North Star,” McAfee said these attacks have been linked to infrastructure and TTPs (Techniques, Tactics, and Procedures) previously associated with Hidden Cobra — an umbrella term the US government uses to describe all North Korean state-sponsored hacking groups.
As for the attacks themselves, McAfee said they were run-of-the-mill spear-phishing emails that enticed recipients to open boobytrapped documents containing a possible job offer.
Many hacking groups have leveraged this lure in the past, and North Korean hackers also used it before in attacks against the US defense sector in campaigns that took place in 2017 and 2019, Christiaan Beek, Lead Scientist & Senior Principal Engineer, told ZDNet in an email.
Read more…
Source: ZDNet