A North Korean hacking team successfully breached over 100 firms by posing as IT professionals.
According to cybersecurity firm CrowdStrike, the team, dubbed “Famous Chollima,” posed as US-based remote IT professionals to gain access to the systems of their targets. Once they were provided with employee-level access, they used a wide variety of tools to exfiltrate data and installed tools to monitor and manage those systems.
While the audacity of the campaign is noteworthy, it also shows an increasing tendency for threat actors to utilize “identity-based” attacks using phony accounts or businesses rather than emailing malicious files.
The attacks also show the importance of using known and trusted IT vendors, especially for remote support; it’s relatively easy for professional threat actors to create fake business listings, LinkedIn accounts and websites to trick companies into thinking they’re working with established professionals.
Wondering how to avoid identity-based attacks in the workplace? Not sure how to vet your vendors? Nodal can help! Contact us today.