A group of hackers is using a sophisticated technique of hijacking ongoing email conversations to insert malicious documents that appear to be coming from a legitimate source and infect other targets participating in the same conversational thread.
This type of attack relies on hackers compromising one of the two or more persons involved in an email exchange.
The attackers silently take over the initial victim's email account, study in-progress conversations, and send a new message in an ongoing thread, carrying boobytrapped documents.
This tactic, albeit not new, was spotted in the wild earlier this year, in May.
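As an added illustration (not from the original article or from Palo Alto Networks), the sketch below flags a reply that brings the first document attachment into a thread that previously carried none, which is the pattern described above. The extension list, helper names and sample messages are assumptions constructed for this example.

```python
from email.message import EmailMessage

# Assumption: document extensions worth triage; tune for your environment.
RISKY_EXT = (".doc", ".docx", ".docm", ".rtf", ".xls", ".xlsm")

def thread_root(msg):
    """First References entry identifies the thread; fall back to own ID."""
    refs = (msg.get("References") or "").split()
    if refs:
        return refs[0]
    return str(msg.get("In-Reply-To") or msg.get("Message-ID") or "").strip()

def doc_attachments(msg):
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and n.lower().endswith(RISKY_EXT)]

def flag_thread_injections(messages):
    """Messages in delivery order -> [(message_id, filename)] for replies that
    add the first document to a thread already seen without one."""
    had_doc = {}  # thread root -> True once any message in it carried a document
    alerts = []
    for msg in messages:
        root, docs = thread_root(msg), doc_attachments(msg)
        is_reply = bool(msg.get("In-Reply-To") or msg.get("References"))
        if is_reply and docs and had_doc.get(root) is False:
            alerts.extend((str(msg["Message-ID"]), name) for name in docs)
        had_doc[root] = had_doc.get(root, False) or bool(docs)
    return alerts

def make(mid, sender, refs=None, attach=None):
    """Build a constructed sample message (hypothetical helper)."""
    m = EmailMessage()
    m["Message-ID"], m["From"], m["Subject"] = mid, sender, "Q3 filing"
    if refs:
        m["References"], m["In-Reply-To"] = refs, refs.split()[-1]
    m.set_content("See below.")
    if attach:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attach)
    return m

# Constructed sample traffic: one three-message thread plus an unrelated new mail.
SAMPLE = [
    make("<1@a.example>", "alice@a.example"),
    make("<2@b.example>", "bob@b.example", refs="<1@a.example>"),
    make("<3@a.example>", "alice@a.example",
         refs="<1@a.example> <2@b.example>", attach="filing_update.doc"),
    make("<4@c.example>", "carol@c.example", attach="report.docx"),
]
```

A hit is a triage signal rather than a verdict, since legitimate replies also add documents to a thread.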
Hacker group believed to be operating out of North Korea
These highly sophisticated spear-phishing attacks were detected by US security firm Palo Alto Networks, and have targeted a bank based in the Middle East, trademark and intellectual property service companies based in Europe, an international sporting organization, and even lone individuals with indirect ties to a country in North East Asia.
"The conversations were in a combination of English and the targets' native languages," Palo Alto's Christopher Budd told Bleeping Computer via email, highlighting the group's sophistication and ability to intertwine itself even in non-English discussions.