A recent surge in cyberattacks has caused concern among government and military personnel, think tanks, policy makers, academics, and researchers in the United States and South Korea. One group of attackers, known as ARCHIPELAGO, has been linked to the North Korean government and is believed to have targeted individuals with expertise in North Korea policy issues such as sanctions, human rights, and non-proliferation.
According to Google's Threat Analysis Group (TAG), ARCHIPELAGO is a subset of APT43, a larger threat group that Google has monitored since 2012. The group's tactics have evolved over the years, with phishing emails containing malicious links being a common method of attack. These emails often purport to come from media outlets or think tanks and seek to entice targets under the pretext of requesting interviews or additional information about North Korea.
One worrying trend is the use of custom Chrome extensions to harvest sensitive data, a technique ARCHIPELAGO employed in prior campaigns dubbed Stolen Pencil and SharpTongue. A malicious extension reads data directly from the target's browser session, so the theft leaves none of the network or endpoint traces that a separate malware implant would, making the attack harder to detect.
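Because a data-stealing extension runs inside the browser, the practical defensive check is an inventory of what is installed and what each extension is allowed to touch. The following Python script is an added example, not code from the article or from Google TAG: it audits Chrome extension manifests and flags those that combine broad permissions (cookies, all-site host access, web request interception) with signs of having been installed outside the Chrome Web Store. The extension IDs, names and manifests in `SAMPLE_MANIFESTS` are constructed for the demonstration; the `update_url` heuristic is an assumption that Web Store installs carry Google's update endpoint while sideloaded or unpacked extensions usually do not.

```python
import json
from pathlib import Path

# Permissions and host patterns that let an extension read or modify
# browsing data broadly enough to harvest credentials, mail, or session cookies.
HIGH_RISK_PERMISSIONS = {
    "cookies", "history", "tabs", "webRequest", "webRequestBlocking",
    "clipboardRead", "nativeMessaging", "debugger", "<all_urls>",
}
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Heuristic (assumption): extensions installed from the Chrome Web Store carry
# this update_url in their manifest; unpacked or sideloaded ones usually do not.
WEB_STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

# Constructed sample manifests keyed by a made-up extension id (not real extensions).
SAMPLE_MANIFESTS = {
    "ext_mail_helper": {
        "name": "Mail Helper",
        "permissions": ["tabs", "cookies", "webRequest"],
        "host_permissions": ["<all_urls>"],
        "content_scripts": [{"matches": ["https://*/*"], "js": ["inject.js"]}],
    },
    "ext_store_dict": {
        "name": "Dictionary",
        "permissions": ["storage"],
        "update_url": WEB_STORE_UPDATE_URL,
    },
    "ext_store_tabs": {
        "name": "Tab Sorter",
        "permissions": ["tabs"],
        "update_url": WEB_STORE_UPDATE_URL,
    },
}


def risky_permissions(manifest: dict) -> list[str]:
    """Return the sorted set of high-risk permissions and broad host patterns requested."""
    requested = set(manifest.get("permissions", []))
    requested |= set(manifest.get("optional_permissions", []))
    requested |= set(manifest.get("host_permissions", []))
    # Content scripts grant page access too, so their match patterns count as host access.
    for script in manifest.get("content_scripts", []):
        requested |= set(script.get("matches", []))
    flagged = {p for p in requested if p in HIGH_RISK_PERMISSIONS or p in BROAD_HOST_PATTERNS}
    return sorted(flagged)


def audit_extensions(manifests: dict[str, dict]) -> list[dict]:
    """Score each extension; highest-risk first. Only extensions worth a look are returned."""
    findings = []
    for ext_id, manifest in manifests.items():
        flags = risky_permissions(manifest)
        sideloaded = manifest.get("update_url") != WEB_STORE_UPDATE_URL
        # Each risky permission adds one point; a non-store install adds two.
        score = len(flags) + (2 if sideloaded else 0)
        if flags or sideloaded:
            findings.append({
                "id": ext_id,
                "name": manifest.get("name", "<unnamed>"),
                "sideloaded": sideloaded,
                "permissions": flags,
                "score": score,
            })
    return sorted(findings, key=lambda f: (-f["score"], f["id"]))


def load_manifests(profile_dir: str) -> dict[str, dict]:
    """Read Extensions/<id>/<version>/manifest.json from a Chrome profile directory."""
    manifests = {}
    for manifest_path in Path(profile_dir).glob("Extensions/*/*/manifest.json"):
        ext_id = manifest_path.parent.parent.name
        with open(manifest_path, encoding="utf-8") as fh:
            manifests[ext_id] = json.load(fh)
    return manifests


if __name__ == "__main__":
    # Runs against the constructed samples; pass load_manifests("<profile dir>") for a live profile.
    for finding in audit_extensions(SAMPLE_MANIFESTS):
        print(f"{finding['score']:>2}  {finding['id']:<16} sideloaded={finding['sideloaded']}  "
              f"{', '.join(finding['permissions']) or '-'}")
```

On a real host, point `load_manifests` at the Chrome profile directory (for example `~/.config/google-chrome/Default` on Linux) and review the top of the list; a sideloaded extension asking for cookies plus all-site host access is exactly the profile this campaign's tooling would need.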
Another concerning development is the discovery of a vulnerability in Twitter's code that allows users to suppress specific accounts from appearing in people's feeds. An infosec researcher found the flaw while analyzing Twitter's source code, which was leaked to the public and later posted on GitHub by Twitter as part of its commitment to transparency. Botnet armies can exploit the vulnerability by coordinating negative signals, such as mass blocking, muting, and abuse reports, to drive down how often specific accounts surface in Twitter's recommendation engine.
This news has prompted a response from Twitter CEO Elon Musk, who has offered a million-dollar bounty for information leading to the conviction of those behind the botnets. While the Twitter flaw is not directly related to the ARCHIPELAGO attacks, it highlights the growing concern over the ability of cyber attackers to manipulate social media algorithms and suppress voices online.
The recent surge in cyberattacks highlights the need for increased vigilance and stronger cybersecurity measures. As attackers continue to evolve their tactics, organizations must take proactive steps to protect themselves and their sensitive data. This includes implementing multi-factor authentication, regularly backing up data, and providing ongoing security awareness training to employees. Failing to do so could result in significant financial losses and reputational damage.