Anomali Threat Research Team Identifies North Korea Based Cyber Attack Targeting Stanford University, Government Agencies, Think Tanks
Anomali Threat Researchers first observed the attack after discovering a fake website masquerading as a login page for a government diplomatic portal. Analysis of the threat actor’s infrastructure uncovered a broad phishing campaign targeting a range of agencies, think tanks and at least one university. Among the target victims was Stanford University and the French Ministry for Europe and Foreign Affairs (MEAE).
Multiple attribution points identified by Anomali threat researchers during their analysis indicated that the malicious activities may be tied to North Korean threat actors conducting cyberespionage. Among these was the observation that the infrastructure in use has been previously tied to the “Smoke Screen” campaign, reported by ESTSecurity in April.
Prior to announcing this discovery, the Anomali Threat Research Team went through all recognized and correct disclosure and notification procedures. The team also submitted the phishing sites detected to Google Safe Browsing and Microsoft for blacklist consideration.
Threat researchers utilized the Anomali Threat Platform to help identify the attack and expand their understanding of the adversary’s infrastructure. To learn more about how Anomali detects adversaries, visit:
LinkedIn:
Blog:
Anomali delivers intelligence-driven cybersecurity solutions to public and private sector organizations, including the world’s largest global enterprises and leading banks. Customers rely on Anomali to detect threats, understand adversaries, and respond effectively. Anomali arms security teams with machine learning optimized threat intelligence to identify hidden threats targeting their environments. With Anomali, organizations collaborate and share threat information among trusted communities. Anomali is the most widely adopted platform for ISACs and leading enterprises worldwide. For more information, visit us at www.anomali.com.