Google is on a crusade against cybersecurity threats from North Korea

[Image: North Korea] (Image credit: Etereuti / Pixabay)

Google’s Threat Analysis Group (TAG) has published a report detailing its efforts to combat a North Korean threat actor called APT43, its targets, and techniques, as well as explaining the efforts it put into cracking down on this hacking collective.

In the report, TAG refers to APT43 as ARCHIPELAGO. According to TAG, the group has been active since 2012 and targets individuals with expertise in North Korean policy issues such as sanctions, human rights, and non-proliferation.

These individuals could be government and military staff, members of various think tanks, policymakers, academics, and researchers. Most of them are South Korean nationals, but not exclusively.

Notifying the victims

ARCHIPELAGO targets these people's Google and non-Google accounts alike. The group uses a range of tactics, all aimed at stealing user credentials and installing infostealers, backdoors, or other malware on the targets' endpoints.

Most of the time, they’d try phishing. Sometimes, the email back-and-forth could go on for days, as the threat actor impersonates a familiar individual or organization and establishes enough trust to be able to successfully deliver malware via email attachments. 

Google said it combats this by adding newly discovered malicious websites and domains to Safe Browsing, sending people alerts to let them know they were being targeted, and inviting them to enroll in Google’s Advanced Protection Program. 

The hackers also tried hosting benign PDF files containing links to malware on Google Drive, reasoning that this might let them evade detection by antivirus programs. They also encoded malicious payloads in the filenames of files hosted on Drive, while the files themselves were blank.

“Google took action to disrupt ARCHIPELAGO’s use of Drive file names to encode malware payloads and commands. The group has since discontinued their use of this technique on Drive,” Google said.
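The filename-encoding trick above is the kind of thing a defender can hunt for in cloud-storage audit data, because the combination of a blank file and a name that is really an encoded blob is unusual. The script below is an added illustration, not code from Google or from the report; it assumes a simple heuristic (zero-byte file plus a long, base64-decodable, high-entropy name) that is my own choice, not a description of how ARCHIPELAGO actually encoded its payloads. The file metadata it scans is constructed inline.

```python
"""
Heuristic hunt for payloads hidden in file names (added example).

Assumption (not from the report): we only know the files were blank and the
names carried encoded data, so this toy detector flags zero-byte files whose
names are long, decode as base64, and have high character entropy.
"""
import base64
import binascii
import math
import re
from collections import Counter

# Constructed sample encoded names; real actors would not encode these strings.
ENCODED_ONE = base64.b64encode(b"constructed sample marker one").decode()
ENCODED_TWO = base64.b64encode(b"constructed sample marker two, longer text").decode()

# Constructed Drive-style metadata: (file name, size in bytes).
SAMPLE_FILES = [
    ("Q3 sanctions briefing.pdf", 184_322),   # normal document, non-empty
    ("notes.txt", 0),                          # empty but ordinary name
    (ENCODED_ONE, 0),                          # blank file, encoded name
    ("placeholder", 0),                        # empty, short name
    ("Human rights report draft v2.docx", 52_100),
    (ENCODED_TWO, 0),                          # blank file, encoded name
]

# Whole name must be base64 alphabet only and reasonably long.
BASE64_RE = re.compile(r"^[A-Za-z0-9+/=]{24,}$")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for empty or single-symbol strings)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_base64(name: str) -> bool:
    """True if the entire name is syntactically valid base64 that actually decodes."""
    if not BASE64_RE.match(name):
        return False
    try:
        base64.b64decode(name, validate=True)
    except (binascii.Error, ValueError):
        return False
    return True


def flag_encoded_names(files, entropy_threshold: float = 3.5):
    """Return the names of zero-byte files whose names look like encoded blobs.

    Only empty files are considered, so ordinary documents with odd names are
    left alone; the entropy threshold is an assumed tuning value.
    """
    hits = []
    for name, size in files:
        if size != 0:
            continue
        if looks_base64(name) and shannon_entropy(name) >= entropy_threshold:
            hits.append(name)
    return hits


if __name__ == "__main__":
    for hit in flag_encoded_names(SAMPLE_FILES):
        print(f"suspicious blank file with encoded name: {hit}")
```

Long hexadecimal or hash-like names of empty files will also trip this heuristic, so in practice the hits are a triage queue rather than verdicts; the point is that the blank file itself carries no content to scan, so the name is where the signal is.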

Finally, they built malicious Chrome extensions that allowed them to steal login credentials and browser cookies. This prompted Google to harden the Chrome extension ecosystem, so that threat actors now need to first compromise the endpoint and overwrite Chrome's Preferences and Secure Preferences files to get the malicious extensions to run.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
