Reuters reports that North Korean state-sponsored threat operation Kimsuky, also known as Thallium, has launched a new campaign aimed at Western foreign affairs experts in an effort to obtain intelligence regarding the possible movement of Western policy toward North Korea.
One of the campaign's targets, U.S.-based foreign affairs analyst Daniel DePetris, noted receiving an email purporting to be from Jenny Town, the director of think tank 38 North, which sought his opinion on security issues in North Korea.
"I realized it wasn't legit once I contacted the person with follow up questions and found out there was, in fact, no request that was made, and that this person was also a target. So I figured out pretty quickly this was a widespread campaign," said DePetris.
Meanwhile, other emails sent by Kimsuky involved queries surrounding China's reaction to nuclear testing and the appropriateness of a "quieter" aggression approach for North Korea.
"The attackers are having a ton of success with this very, very simple method. The attackers have completely changed the process," said Microsoft Threat Intelligence Center's James Elliott, who noted that the technique first came to light in January.
Ukrainian hacktivist operation IT Army has taken responsibility for a significant distributed denial-of-service attack against Russian local airline booking system Leonardo, which is used by over 50 Russian carriers, according to The Record, a news site by cybersecurity firm Recorded Future.
New attacks with the updated SysUpdate toolkit have been deployed by Chinese advanced persistent threat operation Budworm, also known as APT27, Emissary Panda, Bronze Union, Lucky Mouse, Iron Tiger, and Red Phoenix, against an Asian government and a Middle East-based telecommunications provider, reports The Hacker News.
Forty-five malicious NPM and PyPI packages have been deployed by threat actors to facilitate extensive data theft operations as part of a campaign that commenced on Sept. 12, according to BleepingComputer.