Suspected North Korea-linked threat group STARKMULE has been using fraudulent U.S. military job recruitment lures to facilitate malware downloads from hacked South Korean e-commerce platforms, reports The Record, a news site by cybersecurity firm Recorded Future.
Korean speakers have been the primary target of the new attack campaign, which involves the delivery of phishing emails with a ZIP archive containing documents referencing U.S. Army recruitment and the U.S. Defense Department's Multi National Recruitment System, a report from Securonix revealed. Opening the documents prompts the deployment of malware retrieved from two legitimate e-commerce sites that have been hacked by the threat actors.
"Based on our experience and some of the current indicators we have seen, there is a good chance that the threat originates from North Korea. However, the work on final attribution is still in progress," said Securonix Vice President of Threat Research Oleg Kolesnikov.
The campaign was reported following the discovery of North Korean hacking campaigns against GitHub and JumpCloud.