
North Korean Group Infiltrated 100-Plus Firms with Imposter IT Pros


"CrowdStrike has continued doing what gave it such an expansive footprint in the first place," writes CSO Online — "detecting cyber threats and protecting its clients from them."

They interviewed Adam Meyers, CrowdStrike's SVP of counter adversary operations, whose team produced their 2024 Threat Hunting Report (released this week at the Black Hat conference). CrowdStrike's threat hunters discovered that after obtaining employee-level access to victim networks, the phony workers performed at minimal enough levels to keep their jobs while attempting to exfiltrate data using Git, SharePoint, and OneDrive and installing remote monitoring and management (RMM) tools RustDesk, AnyDesk, TinyPilot, VS Code Dev Tunnels, and Google Chrome Remote Desktop. CrowdStrike's OverWatch hunters, a team of experts conducting analysis, hunted for RMM tooling combined with suspicious connections surfaced by the company's Falcon Identity Protection module to find more personas and additional indicators of compromise.
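
The hunt described above, RMM tooling correlated with suspicious identity signals, can be sketched as a join between process telemetry and identity alerts. This is an added example, not CrowdStrike's detection logic or code from the report; the command-line patterns, event tuples, user names and alert reasons are constructed assumptions.

```python
import re
from collections import defaultdict

# Command-line patterns for the RMM tools named in the article. These patterns
# are assumptions for this example, not CrowdStrike indicators. TinyPilot is a
# hardware KVM, so it does not appear in process telemetry and is omitted.
RMM_PATTERNS = {
    "RustDesk": re.compile(r"\brustdesk(\.exe)?\b", re.I),
    "AnyDesk": re.compile(r"\banydesk(\.exe)?\b", re.I),
    "VS Code Dev Tunnels": re.compile(r"\bcode(\.exe|\.cmd)?\s+tunnel\b", re.I),
    "Chrome Remote Desktop": re.compile(r"\bremoting_host(\.exe)?\b", re.I),
}

# Constructed process events: (user, host, command line).
PROCESS_EVENTS = [
    ("jdoe", "LT-0412", r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe --service"),
    ("jdoe", "LT-0412", r"C:\Tools\VSCode\bin\code.cmd tunnel"),
    ("asmith", "WS-0090", r"C:\Program Files\RustDesk\rustdesk.exe"),
    ("bkim", "LT-0999", r"notepad.exe C:\notes\anydesk_notes.txt"),
]

# Constructed identity alerts: (user, reason). Not the Falcon schema.
IDENTITY_ALERTS = [
    ("jdoe", "sign-in from unexpected country"),
    ("bkim", "new device for account"),
]

def rmm_hits(events):
    """Map each user to the set of (host, tool) pairs seen in their processes."""
    hits = defaultdict(set)
    for user, host, cmdline in events:
        for tool, pattern in RMM_PATTERNS.items():
            if pattern.search(cmdline):
                hits[user].add((host, tool))
    return hits

def correlate(events, alerts):
    """Return only users with BOTH an RMM hit and an identity alert."""
    hits = rmm_hits(events)
    reasons = defaultdict(list)
    for user, reason in alerts:
        reasons[user].append(reason)
    return {
        user: {"hosts": sorted({h for h, _ in pairs}),
               "tools": sorted({t for _, t in pairs}),
               "identity": reasons[user]}
        for user, pairs in hits.items() if user in reasons
    }
```

Requiring both signals keeps a sanctioned RMM install (asmith here) and a lone identity alert (bkim) out of the result, leaving only the account where the two coincide.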

Read this on Slashdot
