Link to the full source article

RSS feed source: US Computer Emergency Readiness Team

Summary

The U.S. Federal Bureau of Investigation (FBI) and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju:

U.S. Cyber National Mission Force (CNMF) U.S. Cybersecurity and Infrastructure Security Agency (CISA) U.S. Department of Defense Cyber Crime Center (DC3) U.S. National Security Agency (NSA) Republic of Korea’s National Intelligence Service (NIS) Republic of Korea’s National Police Agency (NPA) United Kingdom’s National Cyber Security Centre (NCSC)

The RGB 3rd Bureau includes a DPRK (aka North Korean) state-sponsored cyber group known publicly as Andariel, Onyx Sleet (formerly PLUTONIUM), DarkSeoul, Silent Chollima, and Stonefly/Clasiopa. The group primarily targets defense, aerospace, nuclear, and engineering entities to obtain sensitive and classified technical information and intellectual property to advance the regime’s military and nuclear programs and ambitions. The authoring agencies believe the group and the cyber techniques remain an ongoing threat to various industry sectors worldwide, including but not limited to entities in their respective countries, as well as in Japan and India. RGB 3rd Bureau actors fund their espionage activity through ransomware operations against U.S. healthcare entities.

The actors gain initial access through widespread exploitation of web servers through known vulnerabilities in software, such as Log4j, to deploy a web

Click this link to continue reading the article on the source website.