Microsoft detects attack attempts from the two countries
A topic that has already been dealt with several times in the last period on these pages, also regarding an action that in September targeted the Tor Vergata University. We are doing it again today as a result of the alarm raised by Microsoft: according to the Redmond group, attempts at compromise have been detected from groups believed to be close to Russia and North Korea. Researchers from the United States, Canada, France, India and South Korea are targeted. The names of the companies concerned are not published.As for the attacks of Russian origin, the finger is pointed at APT28, a reality already well known, also identified as Fancy Bear or Strontium, also held responsible for interference with the 2016 US Presidential elections. They usually leverage the Password Spraying technique by trying to access the accounts of potential victims through stolen credentials.
In North Korea are instead a new entry identified as Cerium (mainly uses phishing campaign) and Zinc (or Lazarus), the latter also an old acquaintance associated with the WannaCry ransomware.
The announcement falls precisely in the days of the Paris Peace Forum where Microsoft intervenes asking governments for greater cooperation in order to implement effective counter actions for this type of threats, protecting in particular the area of healthcare more than ever exposed in this period.
Source: Microsoft