north korea, sharpext, sharptongue, malware, microsoft

SharpTongue, a North Korean state-backed threat group, has been identified as the operator of the SHARPEXT malware.

SHARPEXT is a malicious browser extension that, once installed, gives the attackers access to the victim's Gmail and AOL webmail sessions.

The threat actors use SHARPEXT to read and download email, including attachments, from the accounts of infected users.

Researchers at Volexity were the first to find this activity and analyze it in depth.

According to Ars Technica, the malware has been in use for over a year. Volexity assesses that SharpTongue is backed by the North Korean government and that its activity overlaps with that of the group other researchers track as Kimsuky.

North Korea’s SharpTongue Group

North Korea's SharpTongue group targets individuals in South Korea, the United States, and Europe who work on topics of strategic interest to North Korea, including its nuclear and weapons programs.

Through its response to numerous intrusions, Volexity found that SharpTongue deploys a malicious Google Chrome or Microsoft Edge extension named "SHARPEXT".

SHARPEXT differs from other extensions previously documented as used by Kimsuky in that it makes no attempt to steal usernames and passwords. Instead, it reads and exfiltrates data directly from the victim's webmail account while the victim is logged in and using it.

Volexity's initial analysis found that SHARPEXT supported only Google Chrome. The most recent version observed, 3.0 according to its internal versioning, supports three browsers: Chrome, Edge, and Whale.

Chrome and Edge are widely known; Whale, developed by Naver, is used almost exclusively in South Korea.

North Korea’s Customized Attacks

Detection is extremely difficult because the extension operates inside a browser session in which the user is already logged in, so the email provider sees only what looks like the legitimate user's own requests. The stolen email data is then sent to the attacker.

For the same reason, the extension's activity does not appear as a suspicious sign-in in the account's "account activity" view: the provider never sees a new login, only additional requests from the existing session.

According to Volexity, before the attacker can deploy SHARPEXT they must first obtain the victim's browser "Secure Preferences" file. The deployment is highly tailored to each victim: the file is modified to register the extension and then written back, and the browser loads the extension from the modified file.

Volexity has tracked these operators for some time. In every case observed, a dedicated folder containing the files the extension needs is created for the infected user.

The following measures are recommended for detecting and investigating attacks of this type:

Enable PowerShell Script Block Logging (the events are written to the Microsoft-Windows-PowerShell/Operational log as event ID 4104) and review the results; this helps detect and prioritize malicious activity such as the scripts used to install the extension.

Security teams should review the extensions installed on the devices of high-risk individuals and look for any that are not available from the Chrome Web Store or that were loaded from an unusual path.
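One way to carry out that extension review, as an added example that is not Volexity's tooling or code from the original article: Chrome, Edge, and Whale all record installed extensions under `extensions.settings` in the profile's `Preferences` JSON (on Windows the tracked entries live in `Secure Preferences`, which has the same layout), so a copy of that file can be audited offline. The script flags entries whose `from_webstore` flag is false, whose manifest `update_url` is not the Web Store update server, whose `location` value marks them as loaded unpacked, or whose `path` is absolute rather than the relative `<id>\<version>` path a store install uses. The sample profile, the extension names, and the side-loaded extension's ID and path are constructed for the example.

```python
"""Audit the extensions registered in a Chromium-family browser profile.

Added example (not Volexity's tooling). Chrome, Edge and Whale all record
installed extensions under extensions.settings in the profile's
"Preferences" file (on Windows the tracked entries live in
"Secure Preferences"); both files share this JSON layout.
"""
import json
from pathlib import PureWindowsPath

WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

# Chromium ManifestLocation values as stored in the "location" field.
LOCATION_INTERNAL = 1    # installed from a CRX, e.g. the Chrome Web Store
LOCATION_UNPACKED = 4    # loaded from a directory (developer "load unpacked")
LOCATION_COMPONENT = 5   # component extension bundled with the browser


def audit_extensions(prefs_json: str) -> list[dict]:
    """Return one finding per extension that is not a Web Store install
    or that loads from an absolute (out-of-profile) path."""
    prefs = json.loads(prefs_json)
    settings = prefs.get("extensions", {}).get("settings", {})
    findings = []
    for ext_id, ext in settings.items():
        if ext.get("location") == LOCATION_COMPONENT:
            continue  # shipped with the browser, not a user install
        manifest = ext.get("manifest", {})
        path = ext.get("path", "")
        reasons = []
        if not ext.get("from_webstore", False):
            reasons.append("not installed from the Chrome Web Store")
        if manifest.get("update_url") != WEBSTORE_UPDATE_URL:
            reasons.append("update_url is not the Web Store update server")
        if ext.get("location") == LOCATION_UNPACKED:
            reasons.append("loaded unpacked from a directory")
        # Store installs record a relative "<id>\<version>" path under the
        # profile's Extensions folder; an absolute path points elsewhere.
        if PureWindowsPath(path).is_absolute():
            reasons.append(f"absolute load path: {path}")
        if reasons:
            findings.append({
                "id": ext_id,
                "name": manifest.get("name", "<unnamed>"),
                "path": path,
                "reasons": reasons,
            })
    return findings


# Constructed sample profile: one Web Store extension, one browser component
# and one side-loaded extension. The side-loaded entry's ID, name and path
# are made up for this example.
SAMPLE_PREFS = json.dumps({
    "extensions": {"settings": {
        "cjpalhdlnbpafiamejdnhcphjbkeiagm": {
            "from_webstore": True, "location": LOCATION_INTERNAL,
            "path": "cjpalhdlnbpafiamejdnhcphjbkeiagm\\1.44.4_0",
            "manifest": {"name": "uBlock Origin", "version": "1.44.4",
                         "update_url": WEBSTORE_UPDATE_URL},
        },
        "mhjfbmdgcfjbbpaeojofohoefgiehjai": {
            "from_webstore": False, "location": LOCATION_COMPONENT,
            "path": "C:\\Program Files\\Google\\Chrome\\Application\\pdf",
            "manifest": {"name": "Chrome PDF Viewer", "version": "1"},
        },
        "pbjjgdkbgoahaflpjhndneonjjbbefle": {
            "from_webstore": False, "location": LOCATION_UNPACKED,
            "path": "C:\\Users\\victim\\AppData\\Roaming\\ext",
            "manifest": {"name": "Ad blocker", "version": "3.0"},
        },
    }}
})


if __name__ == "__main__":
    for f in audit_extensions(SAMPLE_PREFS):
        print(f"{f['id']} ({f['name']}) at {f['path']}")
        for r in f["reasons"]:
            print(f"  - {r}")
```

Run it against the `Secure Preferences` file copied from a high-risk user's profile (for Chrome on Windows, under `%LOCALAPPDATA%\Google\Chrome\User Data\Default\`); any entry with an absolute path into the user's profile directory, or with `from_webstore` false and no Web Store `update_url`, deserves a manual look at the files at that path.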
