They’re stealing thousands of emails.
Skimming Emails
North Korean hackers are using never-before-seen methods to bypass Google’s email security measures to read and download messages and attachments — all without Google detecting it.
They’re using simple browser extensions to steal mail data directly, and are reportedly targeting users in the US, Europe, and South Korea, according to a blog post by cybersecurity firm Volexity. The attacks are sophisticated and could set a jarring precedent.
While attacks of this sort, known as “spear phishing,” have in the past required unwitting users to voluntarily download rogue browser extensions, these attacks are different because the malware involved can download itself onto target computers without the victims knowing.
Worse yet, Google and Microsoft’s browsers are unable to detect that they’ve been infiltrated by bad actors.
The malware has also steadily evolved since its discovery, Volexity notes, and is already in its third version.
Window Me This
In an email to Ars Technica, Volexity noted that the current iteration of the attacks, dubbed SharpTongue, is only affecting Windows users. Volexity President Steven Adair warned, however, that there’s no reason macOS or Linux users couldn’t be next.
There’s good reason to suggest the hackers are backed by North Korean state actors and affiliated with North Korean hacking group Kimsuky.
Volexity said in its post that it “frequently observes SharpTongue targeting and victimizing individuals working for organizations in the United States, Europe and South Korea who work on topics involving North Korea, nuclear issues, weapons systems, and other matters of strategic interest to North Korea.”
In other words, these attacks may be primarily politically motivated, so unless you have sensitive information about the Democratic People’s Republic of Korea stored on your computer, you probably don’t need to worry.
READ MORE: North Korea-backed hackers have a clever way to read your Gmail [Ars Technica]