The North Korean hacking group APT37 targeted the Russian Ministry of Foreign
Affairs and its employees in late 2021 and compromised the e-mail account of
at least one ministry employee.
The allegations were disclosed in a report by information security
researchers from the United States (US), as reported by RT.com on Tuesday
(18/1/2022).
According to researchers at the cybersecurity firms Cluster25 and Black Lotus
Labs, and as reported by the Moscow newspaper Kommersant, the phishing
campaign against the Russian Foreign Ministry began in October.
The researchers say some employees received archived documents asking them to
provide their vaccination details, while others were sent links to malware
disguised as the software the Russian government uses to collect Covid
vaccination status.
As a result, the account of one government employee was compromised.
From the compromised address, the attackers sent a phishing e-mail to Russian
Deputy Foreign Minister Sergey Ryabkov on December 20 and also targeted the
Russian Embassy in Indonesia.
APT37 is best known for its use of Konni, a remote administration tool (RAT).
Konni is reported to have been used against targets in South Korea, as well
as political organizations in Japan, India, China and other countries.
According to Kommersant, the group has been active since 2017.
These are not the first allegations of a North Korean phishing attempt against
Russian targets.
In November last year, Kommersant reported that another hacking group, Kimsuky,
had sent phishing e-mails impersonating well-known Russian experts,
scientists and non-governmental organizations to experts in South Korea in an
attempt to harvest their online login credentials.
Last week, Russian security services arrested a group of hackers based on
information provided by US authorities.
The Federal Security Service (FSB) detained several people in Moscow, St
Petersburg and the Lipetsk Region suspected of being members of REvil, a
notorious ransomware group that had collected millions of dollars in
ransoms.