A cyber-espionage campaign targeting organizations in the United States has been identified as an intelligence-gathering operation run by a hacking group operating out of North Korea.
The campaign relies on spear-phishing emails carrying malicious attachments, which are used to deliver a new malware family that researchers at Palo Alto Networks have named BabyShark. It has been active since November and continued through the New Year.
Among the targets identified by the researchers are an American university that was planning a conference on North Korea, and a research institute working on denuclearization that serves as a national-security think tank.
The danger behind the emails
The phishing emails are written to appear to come from a nuclear-security expert who works as a consultant on national security, and they refer to North Korea's nuclear issues and related subjects.
Much of the material used in these lures, such as the agenda of a real conference, is publicly available on the internet. But the attackers also reference matters that are not public at all, which suggests that a victim at a think tank involved in the campaign was compromised and that the attackers gained access to its private documents.
As in many phishing attacks, the campaign relies on persuading users to enable macros. Once they do, the macro launches BabyShark, a Microsoft Visual Basic (VB) script-based malware that takes control of the Windows PC. Through its communication with the command-and-control server, BabyShark sets a registry key it needs in order to keep reaching the internet and to receive commands from its operators. The goal of this intelligence-gathering malware is to profile the infected system and retrieve files of interest from it.
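The infection chain above starts with a macro-enabled Office attachment, so the first place a defender can intervene is at the mail gateway or in the triage of a suspicious attachment. The following is an added example, not code from Palo Alto Networks' report or from the campaign: it builds a small Office Open XML document in memory (a constructed sample, not a real lure) and checks it for the two things a macro-based dropper needs, a VBA project part and an auto-execute entry point, plus a few strings that usually indicate a hand-off to a second-stage script. The heuristic string lists and the risk levels are this example's own assumptions; a real vbaProject.bin is an OLE compound file whose module source is compressed, so production triage would decompress it (for example with the oletools `olevba` utility) before searching it, which this example does not do.

```python
"""Added example: triage an Office Open XML attachment for a VBA macro project.

Illustrative code written for this page, not code from Unit 42 or BabyShark.
The sample document is constructed in memory; the indicator lists are assumptions.
"""
import io
import zipfile
from typing import Optional

# OOXML part that holds the VBA project; its presence means the document carries macros.
VBA_PART = "word/vbaProject.bin"

# Procedures Office runs automatically when a document is opened or closed.
# Assumption for this example: these are the entry points worth flagging in a lure.
AUTO_EXEC_NAMES = ("AutoOpen", "Document_Open", "AutoExec", "Workbook_Open", "AutoClose")

# Strings that commonly appear when a macro hands control to a second-stage script.
# Constructed heuristics for this example; tune them to your environment.
SUSPICIOUS_STRINGS = ("wscript", "cscript", "powershell", "mshta", "createobject", "shell(")


def triage_office_document(data: bytes) -> dict:
    """Return a verdict dict for a document given as raw bytes.

    risk is one of: 'unparseable', 'none' (no VBA part), 'low', 'medium', 'high'.
    """
    verdict = {"has_vba": False, "auto_exec": [], "suspicious": [], "risk": "none"}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        verdict["risk"] = "unparseable"
        return verdict
    if VBA_PART not in set(zf.namelist()):
        return verdict  # no macro project at all, nothing further to check
    verdict["has_vba"] = True
    # VBA identifiers are case-insensitive, so compare everything in lower case.
    # NOTE: real vbaProject.bin module streams are compressed; decompress first in practice.
    lowered = zf.read(VBA_PART).lower()
    verdict["auto_exec"] = [n for n in AUTO_EXEC_NAMES if n.lower().encode() in lowered]
    verdict["suspicious"] = [s for s in SUSPICIOUS_STRINGS if s.encode() in lowered]
    if verdict["auto_exec"] and verdict["suspicious"]:
        verdict["risk"] = "high"      # auto-runs and spawns something: classic dropper shape
    elif verdict["auto_exec"] or verdict["suspicious"]:
        verdict["risk"] = "medium"
    else:
        verdict["risk"] = "low"       # macros present but nothing obviously hostile
    return verdict


def build_constructed_sample(vba_blob: Optional[bytes]) -> bytes:
    """Build a minimal .docm-like zip in memory (constructed for this example only).

    Passing None produces a macro-free document for comparison.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(
            "[Content_Types].xml",
            '<Types><Override PartName="/word/vbaProject.bin" '
            'ContentType="application/vnd.ms-office.vbaProject"/></Types>',
        )
        zf.writestr("word/document.xml", "<w:document/>")
        if vba_blob is not None:
            zf.writestr(VBA_PART, vba_blob)
    return buf.getvalue()


# Constructed macro body imitating the shape of a macro dropper: an auto-run
# procedure that spawns a script host. It is not BabyShark's code.
CONSTRUCTED_LURE_MACRO = (
    b'Attribute VB_Name = "ThisDocument"\n'
    b"Sub AutoOpen()\n"
    b'    CreateObject("WScript.Shell").Run "wscript.exe stage2.vbs", 0\n'
    b"End Sub\n"
)

if __name__ == "__main__":
    lure = build_constructed_sample(CONSTRUCTED_LURE_MACRO)
    print("constructed lure:", triage_office_document(lure))
    print("clean document: ", triage_office_document(build_constructed_sample(None)))
    print("garbage bytes:  ", triage_office_document(b"not a zip"))
```

The check is deliberately cheap, a zip listing and a byte search, so it can sit in a mail pipeline ahead of sandbox detonation; the point is that a document which both carries a VBA project and auto-executes on open deserves scrutiny regardless of how convincing its conference-agenda lure looks.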
Links to other North Korean hacking tools
Analysis of BabyShark revealed connections to other suspected North Korean tools, KimJongRAT and Stolen Pencil. The code-signing certificate used in the Stolen Pencil campaign was also found on BabyShark, and these two are the only malware families seen using it. BabyShark and KimJongRAT, for their part, use the same file path for storing the data they collect, and BabyShark overlaps with gathered KimJongRAT samples in antivirus detections. The decoy files used to deliver KimJongRAT also share BabyShark's themes: North Korean denuclearization and Asian affairs.
The researchers conclude that BabyShark is a North Korean hacking campaign built to keep a close watch on its chosen targets: it knows who they are, and once it has a foothold it does not let go.