Suspect Group May be Engaged in Phishing Campaign to Conduct Espionage, Anomali Researchers Believe

/EIN News/ -- REDWOOD CITY, Calif., Aug. 21, 2019 (GLOBE NEWSWIRE) -- Anomali, a leader in intelligence-driven cybersecurity solutions, today published its latest research report: Suspected North Korean Cyber Espionage Campaign Targets Multiple Foreign Ministries and Think Tanks.



Anomali threat researchers first observed the attack after discovering a fake website masquerading as a login page for a government diplomatic portal. Analysis of the threat actor’s infrastructure uncovered a broad phishing campaign targeting a range of agencies, think tanks and at least one university. Among the targeted victims were Stanford University and the French Ministry for Europe and Foreign Affairs (MEAE).

Multiple attribution points identified by Anomali threat researchers during their analysis indicated that the malicious activities may be tied to North Korean threat actors conducting cyberespionage. Among these was the observation that the infrastructure in use has been previously tied to the “Smoke Screen” campaign, reported by ESTSecurity in April.

Prior to announcing this discovery, the Anomali Threat Research Team went through all recognized and correct disclosure and notification procedures. The team also submitted the phishing sites detected to Google Safe Browsing and Microsoft for blacklist consideration.

Threat researchers utilized the Anomali Threat Platform to help identify the attack and expand their understanding of the adversary’s infrastructure. To learn more about how Anomali detects adversaries, visit: Anomali ThreatStream.

