North Korean hackers are hacking emails

Cybersecurity firm Volexity claims that North Korean hackers break into emails with the help of extensions that are packed with malicious content, but are still available for the Chromium browser. The tools are able to spy on the content of emails linked to Gmail and AOL accounts.


Understand the situation

Volexity attributes the intrusions to an activity cluster it calls SharpTongue. According to the company, the cluster overlaps with the collective publicly known as Kimsuky.

It’s not the first time SharpTongue has attacked. Researchers Paul Rascagneres and Thomas Lancaster maintain that the cluster often invades the electronic devices of people or major organizations linked to the United States, Europe and South Korea.

The intention is to obtain strategic information on nuclear issues, weapons and other interests considered essential for North Korea to know about, albeit illegally.

Malware targets different browsers

Hackers working to protect North Korean interests use the Sharpext extension to gain unauthorized access to email and data held on victims’ computers.

The malware works stealthily and extracts data from people’s email while they are using their computer. In addition to Google Chrome, Microsoft Edge and Naver’s Whale browsers were also hit.

Hackers first compromise a victim's computer and then install the malware as a malicious browser extension. A further step is carried out with the help of the DevTools panel, a Chrome tool for developers.

Thus, while the malware works to steal victims' email data, it also hides the notifications the browser shows the user about developer mode extensions. For this reason, detecting the intrusion is a difficult task.
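Because the browser's developer mode warning is hidden from the user, a defender can look for developer mode extensions directly in the profile data instead. The following is an added example, not code from Volexity or the original article: it assumes Chromium's profile layout, where the `Preferences` and `Secure Preferences` JSON files list extensions under `extensions.settings` and a `location` value of 4 marks an extension loaded unpacked; the function names and sample data are constructed for illustration.

```python
import json
from pathlib import Path

UNPACKED = 4  # Chromium manifest location for "Load unpacked" (developer mode)

def sideloaded_extensions(prefs: dict) -> list:
    """Return developer mode (unpacked) extensions found in a parsed preferences file."""
    settings = prefs.get("extensions", {}).get("settings", {})
    findings = []
    for ext_id, entry in sorted(settings.items()):
        if not isinstance(entry, dict) or entry.get("location") != UNPACKED:
            continue
        manifest = entry.get("manifest") or {}  # may be absent for unpacked extensions
        findings.append({
            "id": ext_id,
            "path": entry.get("path", ""),  # unpacked extensions load from this folder
            "name": manifest.get("name", ""),
            "uses_devtools": "devtools_page" in manifest,  # extension adds a DevTools page
        })
    return findings

def scan_profile(profile_dir) -> list:
    """Check both preference files of one browser profile directory."""
    findings = []
    for name in ("Preferences", "Secure Preferences"):
        pref_file = Path(profile_dir) / name
        if not pref_file.is_file():
            continue
        try:
            prefs = json.loads(pref_file.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt file: skip it rather than crash the sweep
        findings += [dict(item, source=name) for item in sideloaded_extensions(prefs)]
    return findings

# Constructed sample: one store-installed extension and one unpacked extension.
SAMPLE_PREFS = {"extensions": {"settings": {
    "a" * 32: {"location": 1, "path": "a" * 32 + "/1.0_0",
               "manifest": {"name": "Store extension"}},
    "b" * 32: {"location": UNPACKED, "path": "C:\\Users\\example\\AppData\\example-ext",
               "manifest": {"name": "Example unpacked", "devtools_page": "dev.html"}},
}}}

if __name__ == "__main__":
    for finding in sideloaded_extensions(SAMPLE_PREFS):
        print(finding)
```

Any hit on a machine whose user is not an extension developer deserves a look at the folder named in `path`.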

The investigations point to a group of North Korean hackers known as APT37, but there is evidence that blames hackers aligned with Russia for the attack, due to the infrastructure of the intrusion. These are attackers known as APT28, Fancy Bear or Sofacy.

About Yadunandan Singh

Born in 1992, Yadunandan approaches the world of video games thanks to two sacred monsters like Diablo and above all Sonic, strictly in the Sega Saturn version. Ranging between consoles and PCs, he is particularly fond of platform titles and RPGs, not disdaining all other genres and moving in the constant search for the perfect balance between narration and interactivity.
