Google details UNC2970 North Korea-linked espionage hackers targeting US energy, aerospace sectors - #UNC2970
A series of articles chronicles the cyber espionage campaigns conducted by North Korean hacking groups, which primarily target security researchers and senior executives in critical sectors such as energy and aerospace. The attackers use social engineering over LinkedIn and WhatsApp, posing as job recruiters and luring victims with fake job offers that carry malicious payloads. The malware deployed includes custom families such as PlankWalk, TOUCHMOVE, TOUCHSHIFT, LidShift, and MISTPEN, delivered through trojanized versions of legitimate applications like TightVNC and SumatraPDF. These campaigns show the groups' continued evolution in tradecraft and malware capability, with the goal of infiltrating corporate networks and exfiltrating sensitive information. The attacks reflect a persistent effort to support North Korea's strategic intelligence and weapons programs while evading international sanctions. The detailed analysis and tracking of these groups by security firms such as Mandiant underscore the ongoing global threat posed by North Korean cyber activity.