It’s called TA406, a new cyber threat from North Korea, which is typically used in espionage.
TA406: the cyber threat from North Korea
Thanks to the cybersecurity experts of Proofpoint, we know that there are several cybercriminal campaigns underway on the net. Many of them, analyzed during 2021, would seem to be linked to TA406. It is an actor already known to security experts, because it is generally used for espionage campaigns by North Korea. TA406 does not usually employ malware, but is used in cybercrime and sextortion. However, two notable 2021 campaigns, attributed to this group, attempted to distribute malware that could be used for the collection of sensitive information.
Throughout 2021, Proofpoint took over campaigns of credential theft in progress launched by TA406. Analysts had already observed such campaigns as early as 2018. These were generally low-volume, at least until earlier this year. In fact, from January to June 2021, Proofpoint observed almost weekly campaigns. These were mainly aimed at foreign policy experts, journalists and non-governmental organizations (ONG).
The in-depth report on the work and dissemination of TA406 is available on the official Proofpoint website.
Read also: Young student in North Korea shot for selling copies of Squid Game
Leave a Reply
View Comments