North Korean Hackers Used ‘Torisma’ Spyware in Job Offers-based Attacks


A cyberespionage campaign aimed at aerospace and defense sectors in order to install data gathering implants on victims’ machines for purposes of surveillance and data exfiltration may have been more sophisticated than previously thought.

The attacks, which targeted IP-addresses belonging to internet service providers (ISPs) in Australia, Israel, Russia, and defense contractors based in Russia and India, involved a previously undiscovered spyware tool called Torisma to stealthily monitor its victims for continued exploitation.

Tracked under the codename of “Operation North Star” by McAfee researchers, initial findings into the campaign in July revealed the use of social media sites, spear-phishing, and weaponized documents with fake job offers to trick employees working in the defense sector to gain a foothold on their organizations’ networks.

The attacks have been attributed to infrastructure and TTPs (Techniques, Tactics, and Procedures) previously associated with Hidden Cobra — an umbrella term used by the US government to describe all North Korean state-sponsored hacking groups.

The development continues the trend of North Korea, a heavily sanctioned country, leveraging…

Have a comment? Type it below!