Ionut Arghire reports:
A threat group possibly originating from North Korea has been targeting academic institutions since at least May of this year, NetScout’s security researchers reveal.
The attackers use spear-phishing emails that link to a website where a lure document attempts to trick users into installing a malicious Google Chrome extension. Following initial compromise, off-the-shelf tools are used to ensure persistence.
The campaign likely hit other targets as well, though NetScout says that only those domains targeting academia were intended to install a malicious Chrome extension. Many of the intended victims, across multiple universities, had expertise in biomedical engineering.
The actors behind the attack, however, displayed poor OPSEC, which allowed the researchers to find open web browsers in Korean, English-to-Korean translators, and keyboards switched to Korean.
Read more on SecurityWeek.