A CYBERSECURITY firm has flagged a subtle but powerful attack on Google Chrome users by a North Korean hacking group.
Kimsuky, a hacking group sponsored by North Korea, has been identified as a threat actor by the Council on Foreign Relations since 2009.
The cybersecurity company Volexity has published a blog detailing the hack, which steals information from browser sessions.
The new ploy, called SHARPEXT, does not lift usernames and passwords but steals content from email accounts that are actively logged in.
Browser providers will struggle to detect SHARPEXT because the malware script is very short and the targeted email sessions were logged into by the rightful user.
Volexity has observed the attackers targeting workers in the United States, Europe, and South Korea.
“Since its discovery, the extension has evolved and is currently at version 3.0, based on the internal versioning system,” Volexity bloggers write.
They reason that the hacker group is making reasonable gains from the attack, making the updates worth additional time and resource investment.
The Council on Foreign Relations says that previous Kimsuky plots have mostly targeted South Korean bureaucracies and businesses.
All eight of the Kimsuky incidents that made the Council’s radar have been classified as espionage – the act of trying to steal information.
North Korean leader Kim Jong-Un considers hacking and theft a viable tool for raising capital.
Conservative estimates say North Korea is responsible for the theft of $1.6billion in crypto assets.
Multiple hacker groups including Kimsuky and the Lazarus Group have acted on behalf of North Korea.
The regime’s tech wizards are trained to steal billions around the globe — which the tyrant uses to spend on weapons.
The Biden Administration has kept the specifics of the strategy for addressing the threat of North Korea mostly under wraps.
In 2021, spokesperson Ned Price reiterated that Washington was prepared to meet North Korea “anytime, anywhere, without preconditions” but there was no response.