North Korean hackers using Chrome extensions to steal Gmail emails


Mar 13, 2022
A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution (BfV) and the National Intelligence Service of the Republic of Korea (NIS) warns about Kimsuky's use of Chrome extensions to steal targets' Gmail emails.

Kimsuky (aka Thallium, Velvet Chollima) is a North Korean threat group that uses spear phishing to conduct cyber-espionage against diplomats, journalists, government agencies, university professors, and politicians. Initially focused on targets in South Korea, the threat actors expanded operations over time to target entities in the USA and Europe.

The joint security advisory was released to warn of two attack methods used by the hacking group — a malicious Chrome extension and Android applications.

While the current campaign targets people in South Korea, the techniques used by Kimsuky can be applied globally, so raising awareness is vital.

ForgottenSeer 98186

Malicious Chrome extensions. Nothing new here. That ecosystem is derelict. The gatekeeping is not effective.
