fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

APT37 Targets Journalists with Chinotto Multi-platform Malware

APT37 Targets Journalists with Chinotto Multi-platform Malware

North Korean state hacking group APT37 targets South Korean journalists, defectors, and human rights activists in watering hole, spear-phishing emails, and smishing attacks delivering malware dubbed Chinotto capable of infecting Windows and Android devices.

APT37 (aka Reaper) has been active since at least 2012 and is an advanced persistent threat group (APT) linked to the North Korean government with high confidence by FireEye.

Other security companies also track it as StarCruft (Kaspersky Lab), Group123 (Cisco Talos), or FreeMilk (Palo Alto Networks). 

The group is known for historically targeting individuals of interest to the North Korean regime, including journalists, diplomats, and government employees.

Chinotto, the malware deployed in their most recent campaign discovered by Kaspersky security researchers, allows the hacking group to control compromised devices, spy on their users via screenshots, deploy additional payloads, harvest data of interest, and upload it to attacker-controlled servers

Also Read: How can businesses protect their enterprise from Business Email Compromise (BEC) attacks?

As Kaspersky found, this backdoor was delivered onto victims’ devices months after the initial intrusions. In one case, the hackers waited as much as six months before installing Chinotto, which allowed them to exfiltrate sensitive data from the infected device.

“We suspect this host was compromised on March 22, 2021. [..] The malware operator later delivered the Chinotto malware in August 2021 and probably started to exfiltrate sensitive data from the victim,” Kaspersky said.

“Based on what we found from this victim, we can confirm that the malware operator collected screenshots and exfiltrated them between August 6, 2021 and September 8, 2021.”

APT37 Chinotto attack timeline
APT37 Chinotto attack timeline (Kaspersky)

Customizable malware

Chinotto is highly customizable malware, as shown by many variants found while analyzing the campaign, sometimes several payloads deployed on the same infected devices.

“The malware authors keep changing the capabilities of the malware to evade detection and create custom variants depending on the victim’s scenario,” the researchers said.

The malware’s Windows and Android variants use the same command-and-control communication pattern and send the stolen info to web servers located mainly in South Korea.

As the Android variants request for extended permissions on compromised devices, once granted, Chinotto can use them to collect large amounts of sensitive data, including the victims’ contacts, text messages, call logs, device info, and even audio recordings.

If it also finds and steals the victim’s credentials, it allows APT37 operators to reach out to other targets using the stolen credentials via email and social media.

Also Read: 6 ways to recognize a potential phishing scam and what to do if you receive one

APT37 Chinotto attack flow
APT37 Chinotto attack flow (Kaspersky)

“To sum up, the actor targeted victims with a probable spear-phishing attack for Windows systems and smishing for Android systems. The actor leverages Windows executable versions and PowerShell versions to control Windows systems,” Kaspersky concluded.

“We may presume that if a victim’s host and mobile are infected at the same time, the malware operator is able to overcome two-factor authentication by stealing SMS messages from the mobile phone.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us