
Suspected DPRK Phishing Campaign Targets Naver; Separate Apple Domain Spoofing Cluster Identified

Oct. 30, 2024, 9:58 p.m.

Description

Researchers discovered a suspected North Korean phishing campaign targeting Naver, a major South Korean technology platform. The investigation revealed an exposed directory containing phishing pages built to harvest Naver user credentials. Separately, an infrastructure cluster was identified using domains and TLS certificates impersonating Apple. Both findings align with tactics commonly associated with DPRK cyber operations. The phishing server, hosted in Seoul, contained multiple folders with files used for credential theft. In addition, a cluster of IP addresses across several countries was found sharing TLS certificates and domains spoofing Apple. The use of low-cost domains, Let's Encrypt certificates, and frequent infrastructure changes is consistent with known DPRK threat actor behaviour.

Date

Published: Oct. 30, 2024, 3:14 p.m.

Created: Oct. 30, 2024, 3:14 p.m.

Modified: Oct. 30, 2024, 9:58 p.m.

Attack Patterns

T1584.006

T1608.004

T1583.001

T1608.001

T1589.002

T1132.001

T1071.001

T1566

Additional Information

Technology