TikTok must provide a risk assessment for TikTok Lite


We’re all familiar with TikTok, but the company has a few more apps that it is distributing. One app that is making waves is the new TikTok Notes app. Aside from that, the company recently launched TikTok Lite. Well, the EU demands that TikTok provide a risk assessment for TikTok Lite. If not, then the ByteDance-owned company could be in some hot water.

In case you don’t know, TikTok Lite is a stripped-down version of the core app. It’s designed for people who don’t have as much storage on their phones and who have limited internet connection speeds.

The latest version of the full TikTok app for Android is nearly a gigabyte in size. That’s not much of an issue for a device with 128GB or 256GB. However, there are people out there who are confined to devices with less than 64GB of storage. Also, there are people in parts of the world that have historically bad internet connections. So, TikTok Lite allows you to watch TikTok videos without eating up too much data or taking up too much space.

The EU wants TikTok to give a risk assessment of TikTok Lite

The company recently launched TikTok Lite in the French and Spanish markets. However, the EU has its eyes on the app. According to the report, this move by the EU comes as part of the Digital Services Act (DSA), and it was spearheaded by Thierry Breton.

The company is going to need to basically explain how dangerous this app is to children, and it has 24 hours to do so. The DSA targets companies that could potentially expose children to harmful or destructive content. We all know that TikTok isn’t exactly a saint in that regard.

One thing that the EU pointed out was the Task and Reward Lite program. This program will reward users for doing specific tasks on the platform. “This concerns the potential impact of the new ‘Task and Reward Lite’ programme on the protection of minors, as well as on the mental health of users, in particular in relation to the potential stimulation of addictive behavior,” Breton said.

After TikTok delivers its risk assessment to the EU, the union will assess the company’s response and consider further steps. So, there’s no telling what will happen at this point. However, the DSA could possibly fine TikTok for up to 6% of its annual turnover if it is in violation of the act.



Telegram to hit 1 billion user mark within a year


Telegram is undoubtedly one of the most popular instant messaging applications in the world. The app is available for almost every popular computing platform in the world – Android, iOS, Windows, macOS, and Linux. Telegram’s user base is reportedly around 900 million active users at the moment. Now, Telegram is projected to achieve one billion monthly active users within a year, as per the app’s founder, Pavel Durov.

Telegram is spreading like a “forest fire”, suggests the founder

In an interview with the US journalist Tucker Carlson, Durov said that Telegram is spreading like a “forest fire”. He believes that the platform will have more than one billion monthly active users within a year. In comparison, one of Telegram’s main rivals, WhatsApp, has over two billion monthly active users. Telegram is also trailing behind the likes of Instagram, TikTok, Facebook, and WeChat.

For the uninitiated, Telegram Messenger aka Telegram is a cloud-based, cross-platform, encrypted instant messaging platform. The app was originally launched for iOS and Android devices in 2013. The platform was a rapid success as it gained 35 million monthly active users in less than a year after launch. Similar to most of the competitors, it also lets users share messages, files, media, and more. The users can also hold private and group voice or video calls on the platform.

Notably, the company recently released the Telegram Premium version, which offers several additional features at $4.99 per month. Premium users can also convert to the Telegram Business edition, which offers more customizable features.

On the future of Telegram

During the interview with Carlson, Durov said he remains committed to maintaining Telegram as a “neutral platform”. It will continue to steer clear of geopolitical entanglements in the social media landscape. The messaging platform is also eyeing a listing in the US market once it achieves profitability, suggests The Financial Times. The potential listing could be a major event, just like the recent Reddit IPO.

To maintain its ever-growing user base, Telegram continues to add more and more features to its portfolio. Most recently, the platform added the ability to create custom stickers. Now, it’s planning to launch more than 16 new features in the coming weeks.



New Vulnerability Detector to Analyze Source Code


Detecting source code vulnerabilities aims to protect software systems from attacks by identifying inherent vulnerabilities. 

Prior studies often oversimplify the problem into binary classification tasks, which poses challenges for deep learning models to effectively learn diverse vulnerability characteristics. 

To address this, the following cybersecurity analysts introduced FGVulDet, a fine-grained vulnerability detector that employs multiple classifiers to discern various vulnerability types:

  • Shangqing Liu from Nanyang Technological University 
  • Wei Ma from Nanyang Technological University
  • Jian Wang from Nanyang Technological University
  • Xiaofei Xie from Singapore Management University
  • Ruitao Feng from Singapore Management University
  • Yang Liu from Nanyang Technological University

FGVulDet Vulnerability Detector

Each classifier learns type-specific semantics, and researchers propose a novel data augmentation technique to enhance diversity in the training dataset. 

Inspired by graph neural networks, FGVulDet utilizes an edge-aware GGNN to capture program semantics from a large-scale GitHub dataset encompassing five vulnerability types.

Five Vulnerability Types

Previous works have simplified the identification of source code vulnerability into a binary classification problem where all defect-prone functions are labeled as 1.

This approach lacks accuracy because it does not consider types of particular vulnerabilities.

However, in contrast to this, the researchers’ approach focuses on fine-grained vulnerability identification and aims to learn prediction functions for distinct vulnerability types within a dataset. 

Each function is categorized based on its vulnerability type to predict its vulnerability status.

Their framework has three core parts:

  • Data Collection
  • Vulnerability-preserving Data Augmentation
  • Edge-aware GGNN

The researchers train multiple binary classifiers for different vulnerability types and aggregate their predictions through voting during the prediction phase.

This task is difficult as obtaining high-quality datasets covering a broad range of vulnerabilities requires specialist knowledge.

The framework of FGVulDet (Source – Arxiv)

GGNN is a well-known approach to modeling source code, but it is limited to node representations and does not consider edge information.

The researchers therefore propose an edge-aware GGNN that can use edge semantics effectively in vulnerability detection.

Each type of vulnerability has its own binary classifier, which is trained by using datasets of both vulnerable and non-vulnerable functions.

The final prediction is made through majority voting across all the classifiers.

Since the researchers’ dataset covers common vulnerabilities, the approach can be extended to detect others as well.

In summary, FGVulDet employs multiple classifiers and a novel data augmentation technique for effective fine-grained vulnerability detection.


TikTok just launched Notes


Instagram took inspiration from Twitter to make Threads; well, TikTok took inspiration from Instagram to make its new platform. TikTok just launched Notes, its Instagram-inspired social media platform that prioritizes sharing images.

This is a bit ironic. TikTok swooped in and basically defined an entire genre of vertically scrolling videos. Thus, Instagram made a hard pivot toward video content. Now, we got the news that TikTok wants to take a step backward and bring forth a photo-sharing app.

We’ve been covering news and leaks about this platform for a bit. We even saw an early prototype of the logo. However, that logo did not become the final one.

TikTok launches Notes, its Instagram-style photo-sharing app

Right now, we don’t have too much information about how this app is going to work. It’s currently only available to select users on Android and iOS. Also, it is only in the Canadian market for the time being. So, this appears to be a limited test to see how people like it. In any case, we expect it to hit other markets soon.

When you get the app, you will be able to sign in using your TikTok account. As for the interface, it looks like you will receive content via a two-column grid. This contrasts with the single column that you get with Instagram. Whether that’s better or worse remains to be seen.

You will see the images with the captions under them. The captions can be fairly large before getting cut off. One caption reads “Dive into the heart of the city that never sleeps and create memories that will…” before getting cut off. Under the caption, you will see the account name and profile picture with the “like” count at the far right of the image.

How the app works

Like any social media platform, you will have the option to comment and otherwise interact with the posts. When you tap on a post, it will fill the top half of the screen. The bottom half of the screen will show the title and caption of the post along with the comments. At the bottom of the screen, you will see the comment text field, “Likes”, and the view comments button.

Much like Instagram, you are able to make photo carousels in TikTok Notes. It allows you to post several photos at once that the viewer will be able to flip through. While making your carousel, you have the option to choose an image for the cover image.

The post editing screen is pretty straightforward. You have the option to edit the photos within the app, choose who can see the post, and save the post draft for later.

As TikTok Notes makes it to more people, we’re going to learn more about this app’s functionality. So, stay tuned for this app to reach your area as time goes on.


Google won’t claim ownership of outputs from its AI tools


Google just updated its Terms of Service regarding ownership of AI outputs. The company confirmed that they will not claim ownership of the content generated by their artificial intelligence models. This means you could even use them commercially if you want.

One of the most controversial points about the use of AI is the copyright of the content. There are multiple discussions around both the use of content obtained from the Internet and who owns the output created by AI. While there seems to be a lot of debate ahead, Google is helping to clarify the situation regarding the use of services based on its LLMs.

Ownership of content generated by Google AI tools is yours

As spotted by 9to5Google, a new clause in Google’s updated Terms of Service notes that they “won’t claim ownership over generated AI content.” They even offer the generation of a poem through the company’s AI tools as an example. According to the update, you could publish the poem commercially without prior authorization from Google.

The updated Terms of Service also include things you should avoid doing. The list mentions actions that can cause damage to the company, its services, or its users:

– introducing malware
– spamming, hacking, or bypassing our systems or protective measures
– jailbreaking, adversarial prompting, or prompt injection, except as part of our safety and bug testing programs
– providing services that appear to originate from us when they do not
– using our services (including the content they provide) to violate anyone’s legal rights, such as intellectual property or privacy rights
– reverse engineering our services or underlying technology, such as our machine learning models, to extract trade secrets or other proprietary information, except as allowed by applicable law
– using automated means to access content from any of our services in violation of the machine-readable instructions on our web pages (for example, robots.txt files that disallow crawling, training, or other activities)
– hiding or misrepresenting who you are in order to violate these terms
– providing services that encourage others to violate these terms

Google also warns about practices to avoid regarding the use of content generated through its AI tools to commit fraud:
– phishing
– creating fake accounts or content, including fake reviews
– misleading others into thinking that generative AI content was created by a human
– providing services that appear to originate from you (or someone else) when they actually originate from us

The new Terms of Service will come into effect next month

The latest Terms of Service with the new Google AI output ownership policies will come into effect as of May 22, 2024. The company also adapted its ToS to the specific laws of France and Australia. Lastly, this update does not include changes to their Privacy Policy.



Cerber Linux Ransomware Exploits Atlassian Servers


Security researchers at Cado Security Labs have uncovered a new variant of the Cerber ransomware targeting Linux systems.

This strain of the notorious malware has been observed exploiting a recent vulnerability in the Atlassian Confluence application to gain a foothold on targeted servers.

CVE-2023-22518: The Vulnerability Exploited

The primary attack vector for this Cerber variant is the exploitation of CVE-2023-22518, a vulnerability in the Atlassian Confluence application that allows an attacker to reset the application and create a new administrative account, as reported by Cado Security Labs.

This flaw, disclosed and patched earlier this year, has become a prime target for threat actors seeking to compromise Confluence servers.

Technical Details

The Cerber Linux ransomware is a highly obfuscated C++ payload, compiled as a 64-bit Executable and Linkable Format (ELF) binary and packed with the UPX packer.

This technique is employed to prevent traditional malware scanning and analysis.

Once the attacker gains access to the Confluence server through the CVE-2023-22518 exploit, they use the newly created administrative account to upload and install a malicious web shell plugin, Effluence.

This web shell provides a user interface for executing arbitrary commands on the compromised host.

Recreation of installing a web shell on a Confluence instance

The primary Cerber payload is then downloaded and executed through the web shell.

This payload is a stager responsible for setting up the environment and fetching additional components, including a log checker and the final encryptor payload.

The log checker payload, known as “agttydck,” is a simple C++ program that attempts to write a “success” message to a file.

This is likely a check for the appropriate permissions and sandbox detection.

A cleaned-up routine that writes out the success phrase

The final encryptor payload, “agttydcb,” is the core of the ransomware.

It systematically encrypts files across the file system, overwriting the original content with the encrypted data and appending the “.L0CK3D” extension.

A ransom note is also left in each directory, demanding payment for the decryption of the files.
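The on-disk artifacts named above can be swept for during triage. The following is an added example, not code from Cado Security Labs or the original article: it walks a directory tree for the ".L0CK3D" extension, the payload file names "agttydck" and "agttydcb", and 64-bit ELF files carrying the stock UPX marker. The function names, the 1 MiB read limit and the sample tree are assumptions of this example, and the sample files are constructed placeholders, not malware.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article text.
ENCRYPTED_EXT = ".l0ck3d"                  # ".L0CK3D", compared case-insensitively
PAYLOAD_NAMES = {"agttydck", "agttydcb"}   # log checker and encryptor


def is_upx_packed_elf64(path, max_bytes=1 << 20):
    """Heuristic: 64-bit ELF whose first MiB contains the stock UPX marker.

    A modified packer can strip the marker, so a miss proves nothing.
    """
    try:
        with open(path, "rb") as fh:
            head = fh.read(max_bytes)
    except OSError:
        return False
    # Bytes 0-3 are the ELF magic; byte 4 (EI_CLASS) is 2 for ELFCLASS64.
    is_elf64 = head[:4] == b"\x7fELF" and head[4:5] == b"\x02"
    return is_elf64 and b"UPX!" in head


def scan(root):
    """Return paths (relative to root) that match each indicator."""
    hits = {"encrypted": [], "payload_name": [], "upx_elf64": []}
    per_dir = Counter()
    for dirpath, _dirs, files in os.walk(root):  # symlinked dirs are not followed
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if name.lower().endswith(ENCRYPTED_EXT):
                hits["encrypted"].append(rel)
                per_dir[os.path.relpath(dirpath, root)] += 1
            if name in PAYLOAD_NAMES:
                hits["payload_name"].append(rel)
            if not os.path.islink(full) and is_upx_packed_elf64(full):
                hits["upx_elf64"].append(rel)
    for paths in hits.values():
        paths.sort()
    # Per-directory counts help scope how far the encryptor got.
    hits["encrypted_per_dir"] = dict(per_dir)
    return hits


def build_sample_tree(root):
    """Create a small constructed tree (no real malware) to exercise scan()."""
    elf64 = b"\x7fELF\x02\x01\x01" + b"\x00" * 57   # 64-byte ELF64 header stub
    samples = {
        ("wiki", "page.txt.L0CK3D"): b"constructed ciphertext",
        ("wiki", "notes.txt"): b"untouched file",
        ("tmp", "agttydck"): elf64 + b"UPX!" + b"\x00" * 32,
        ("bin", "tool"): elf64 + b"plain unpacked binary",
    }
    for (sub, name), data in samples.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        with open(os.path.join(root, sub, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, value in scan(tmp).items():
            print(kind, value)
```

File names and the UPX marker are weak indicators on their own; treat a hit as a lead to confirm against the Confluence host's plugin list and process history.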

The ransom note left by Cerber

The Cerber Linux ransomware exploited the Atlassian Confluence vulnerability, highlighting the importance of timely patching and vigilance in securing critical enterprise applications.

As threat actors continue to target vulnerabilities in popular software, organizations must remain proactive in their security measures to protect against such sophisticated attacks.


How Residential Proxies Enable It 


In a world where Internet and global connectivity is everything, it is essential for access to information and content to be unrestricted by borders. However, geographical limitations frequently restrict individuals’ access to web pages, services, and information based on their location, which frustrates users seeking open access to global content.

One such example is China, where Google and Facebook are still banned in 2024. Nevertheless, residential proxies provide a secure method for users to circumvent these restrictions with ease.

What Are Residential Proxies? 

Residential proxies are intermediary servers that give you another IP address, one assigned by a real Internet Service Provider (ISP) to an actual device. Consequently, when you use a residential proxy server, websites see your requests as coming from the proxy’s location, which can be anywhere across the globe, rather than from your own. This not only helps one avoid geo-restrictions but also boosts privacy and security while online.

Breaking Down Geo-Restrictions 

Geo-blocking, or geo-restriction, refers to companies limiting access to content based on the geographical location of their users. This is usually seen on streaming platforms and news sites, as well as in retail, where products and services vary depending on a user’s location. Hiding your real IP address behind that of a residential proxy lets you access location-based content, such as news portals, from abroad as if you were local.

Benefits of Using Residential Proxies for Accessing Global Content

The benefits of having residential proxies do not just stop at watching shows that are restricted geographically in Netflix or viewing country-specific news websites. Here are some key advantages:

  • Better Privacy and Anonymity: A residential proxy redirects your internet connection and hides your original IP address, which protects your identity and personal data from possible cyber threats.
  • More Diverse Content Availability: Whether it is a video-sharing platform, social media network or online library, you may face fewer limitations when using residential proxies, giving you a more varied and richer online experience.

Choosing the Right Residential Proxy Provider 

Choosing the most suitable residential proxy provider is crucial to having reliable and effective access to worldwide contents. Consider the following:

  • Reliability and Speed: Always find those providers with stable connections and high speeds for smooth browsing as well as streaming.
  • Range of Locations: Providers who offer a wide selection of countries/cities can help you globalize your internet experience in essence.
  • Ethical Considerations: Prefer providers who acquire IP addresses legally and transparently so as not to come across legal issues.

Case Studies: Success Stories with Residential Proxies

Expanding Global Research Capabilities

One market research company based in Canada used residential proxies to gain access to streaming content in more than 30 different countries. This was important for their project on analyzing global trends in streaming service preferences and viewership behaviors. Residential proxies helped the firm avoid the geo-blocking that would otherwise have prevented it from accessing region-specific content portals.

As a result, some of their findings contributed to improving the content offerings and promotional strategies for a major streaming service across various markets, leading to increased subscriptions in several key regions.

Enhancing Real-Time Data Accessibility for Financial Services

Another example is a financial analysis corporation that turned to proxies to get real-time information about stock markets in different parts of the world. It adopted residential proxies so that it could appear local in areas where it previously had to put up with huge delays and denied access due to being flagged as a bot. This made it easier to access crucial financial data such as market prices instantly, which enabled it to make better-informed investment decisions and offer improved services to its clients.

Localized Testing That Enhances E-commerce Strategies

An e-commerce platform used residential proxies because it wanted to test its websites all over the world and optimize them for various locations. The site’s developers used this kind of proxy so that, during design, the site would display just as it appears on other people’s computers across the globe.

For instance, malfunctioning currency exchange rates, limited language support and region-specific user interfaces are some of the localization problems the staff were able to detect. As a result, there was a remarkable increase in user interaction within previously unproductive markets.

Social Media Management Without Borders

A social media management company relied on residential proxies to manage numerous accounts in different countries without violating any rules or regulations that would lead to bans or restrictions by social networks. This was especially important given its regional targeting strategy and localized content creation tactics.

These servers were key in handling customer accounts based in Europe, Asia and the US, with content and engagement strategies customized to reflect the cultural peculiarities and preferences of each area. As a result, follower growth increased significantly, translating into higher client engagement.

Content Compliance and Verification

In its bid to ensure compliance with various countries’ laws, a media house drew upon residential proxies. This allowed members of its compliance division to access content as viewers from those respective nations, making sure that anything published meets local requirements set by law firms. This way the company managed to avert possible lawsuits and maintained its reputation as a culturally sensitive and responsible firm.

Conclusion

The main advantage of residential proxies is that they provide access to worldwide internet content. They not only eliminate geographical constraints, but also enhance security and privacy when surfing the net.

Residential proxies are gateways through which you can achieve more openness on the web whenever you need, be it for personal or business needs. Consider leveraging these tools for access to global content.

Through residential proxies, both corporate bodies and individuals can embrace innovation by broadening their horizons, gaining deep insights into everyday operations while at the same time optimizing online experiences.

Whether one is a market researcher or financial analyst, an e-commerce entrepreneur or social media manager or even just a content creator of whatever kind, these techniques provide endless opportunities for accessing international content in today’s digital era.


April update live for Galaxy A54, A53, A34 & more devices


Following a US release earlier this month, Samsung’s April update for the Galaxy A54 and Galaxy A53 is now live in international markets. The new security patch is also rolling out to the Galaxy A34 and Galaxy Tab S9 FE series. The company has already updated dozens of other Galaxy devices.

Galaxy A54, A53, and other devices get the April update

The Galaxy A53 was one of the first Samsung devices to receive the April security update. The company began the rollout in the US. Last week, the US version of the Galaxy A54 also joined the party. Both devices are now getting the update in international markets, starting in Europe. A global rollout should follow soon.

The April update for the Galaxy A54 comes with the firmware build number A546BXXS7BXD1 in Europe. That for the Galaxy A53 is A536BXXS9DXD1. Neither phone is getting anything more than the latest SMR (Security Maintenance Release), i.e., this month’s security patch. It contains over 40 vulnerability fixes.

These security fixes are also rolling out to the Galaxy A34 in Europe. The device is getting the build number A346BXXS6BXD1. The changelog is identical to the aforementioned two A-series devices. Samsung didn’t release the Galaxy A34 in the US, but users in other regions can expect to receive this update in the coming days.

The Galaxy Tab S9 FE and Galaxy Tab S9 FE+ are also picking up Samsung’s April SMR. The update for these two mid-range tablets is widely available in Europe and Latin America with build numbers ending in BXD6 (last four characters). As you might expect, the update is all about the latest security fixes.

All of these devices will get One UI 6.1

The Galaxy A54, Galaxy A53, Galaxy A34, and Galaxy Tab S9 FE series are all currently running on Android 14-based One UI 6.0. Samsung will soon update these devices to One UI 6.1. The new version debuted with the Galaxy S24 series and has already made its way into a few older flagships, including the Galaxy S23 series.

These mid-range products are unlikely to get the new AI features, though. Samsung has already confirmed that its 2021 flagships will only receive Circle to Search and Chat Assist with One UI 6.1. At best, these devices will get the same two AI features. Do not expect Live Translate, Interpreter, Generative Edit, and other AI-powered tools. We will let you know when we have more information.



Top tech brands have insufficient ad transparency tools


Many of us are familiar with ads across the internet, but not many people know where they come from. Sure, you conveniently see ads for products and services that you recently Googled, but that doesn’t really tell you much. Well, according to a new report, many of the big brands serving us ads have insufficient ad transparency tools.

Knowing where ads come from and other information about them is crucial in order to trust the ads themselves. It’s also important to know the target audience, reach, and who paid for them.

One shining example of this has to do with four major elections going on in the year 2024. These are the US, European, Mexican, and Indian elections. Advertisements are meant to sway people in one direction or another, so it’s very likely for people to create advertisements chock-full of misinformation and manipulative rhetoric to artificially push people to vote for one person over the competition.

Knowing more information about the source of ads is a surefire way to know whether or not the sources are trustworthy.

The top tech brands are criticized for having insufficient ad transparency tools

Mozilla and CheckFirst performed extensive research into 11 major tech brands’ ad tools. These companies are AliExpress, Apple App Store, Bing, Booking.com, Alphabet (owns Google and YouTube), LinkedIn, Meta, Pinterest, Snapchat, TikTok, X, and Zalando.

Ad transparency table

Worst of the worst

Of all of the companies, it appears that X’s performance was the worst. In fact, Mozilla’s EU Advocacy Lead, Claire Pershan, said that “X’s transparency tools are an utter disappointment.” Accessing the ads is complicated, and can only be done through a CSV export file. Its repository has no filtering or sorting capabilities whatsoever, and the content of the ads is not disclosed. People are only given URLs to the ads. This is something that frustrated the researchers, as it shows clear disregard on X’s part.

Better, but still bad

In the report, AliExpress, Bing, Snapchat, and Zalando were in a similar boat. Their ad tools lack certain vital data and functionality that would make it easy for people to find information about where the ads come from.

Next up, Alphabet’s, Booking.com’s, and Pinterest’s tools, according to the report, offer the bare minimum data and functionality. So, they fared better, but not by much.

The best… but still bad

Lastly, the Apple App Store’s, LinkedIn’s, Meta’s, and TikTok’s tools seem to be the best off on this list. However, even those tools had some major gaps in the data and functionality that they offered.

Hopefully, governmental bodies will push these companies to offer better tools. While it’s important that we get sufficient ad tools during election years, it’s also important that we get them regardless of what year it is.

Advertisements pervade pretty much every aspect of our internet experience, from gaming to video watching to web surfing. So, we’re constantly inundated with ads. It’s crucial that we have access to tools to let us know where these ads are coming from and whether or not we can trust them.



North Korean Hackers Abuse DMARC To Legitimize Their Emails


Attackers target DMARC because it acts as a preventative measure against email spoofing and phishing attempts.

By getting around DMARC (Domain-based Message Authentication, Reporting and Conformance), they can evade email authentication, mimic authentic senders, and mislead recipients.

This lets them run more convincing and effective phishing campaigns that lead to either making money or stealing data.

Cybersecurity researchers at Proofpoint recently discovered that North Korean hackers are actively abusing DMARC to legitimize their illicit emails.

DMARC Abuse

Proofpoint tracks the North Korean state-aligned group TA427 (aka Emerald Sleet, APT43, THALLIUM, Kimsuky), which conducts phishing campaigns targeting experts on U.S. and South Korean foreign policy for the Reconnaissance General Bureau. 

Since 2023, TA427 has directly solicited opinions from foreign policy experts on nuclear disarmament, U.S.-ROK policies, and sanctions via innocent conversation-starting emails.

Researchers observed a steady and sometimes increasing stream of this activity.

While TA427 consistently relies on social engineering and rotating email infrastructure, in December 2023, it began abusing lax DMARC policies for persona spoofing and incorporated web beacons for target profiling in February 2024.
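For domain owners, the practical check is whether their own published policy is lax enough to be abused this way. The following is an added example, not from Proofpoint or the original article: a minimal audit of the TXT records found at `_dmarc.<domain>`. The domains and records are constructed, the finding labels are this example's own, and the tag semantics (`p`, `sp`, `pct`, and ignoring zero or multiple records) follow RFC 7489.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Return the tag dict of a DMARC TXT record, or None if it is not one."""
    parts = [p.strip() for p in txt.strip().strip('"').split(";") if p.strip()]
    if not parts:
        return None
    # The version tag must come first and be exactly DMARC1.
    key, _, value = parts[0].partition("=")
    if key.strip().lower() != "v" or value.strip() != "DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_dmarc(txt_records):
    """Return weakness labels for the TXT records published at _dmarc.<domain>."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    # Receivers apply no DMARC policy when zero or several records are found.
    if len(records) != 1:
        return ["no-usable-record"]
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return ["invalid-policy"]
    findings = []
    if policy == "none":
        findings.append("p=none")            # monitor only: spoofed mail is delivered
    if policy != "none" and tags.get("sp", policy).lower() == "none":
        findings.append("sp=none")           # subdomains remain spoofable
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        findings.append("invalid-pct")
    else:
        if policy != "none" and pct < 100:
            findings.append("pct<100")       # policy applied to only part of the mail
    return findings


# Constructed sample data: domain -> TXT strings returned for _dmarc.<domain>.
SAMPLES = {
    "thinktank.example": ["v=DMARC1; p=none; rua=mailto:dmarc@thinktank.example"],
    "university.example": ["v=DMARC1; p=reject; sp=none; pct=100"],
    "ngo.example": ["v=DMARC1; p=quarantine; pct=25"],
    "ministry.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@ministry.example"],
    "media.example": ["v=spf1 -all"],
}


def audit_all(samples):
    return {domain: audit_dmarc(txts) for domain, txts in samples.items()}


if __name__ == "__main__":
    for domain, findings in audit_all(SAMPLES).items():
        print(domain, findings or "ok")
```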

Volume of TA427 phishing campaigns (Source – ProofPoint)

TA427 is a skilled social engineering threat actor likely supporting North Korean strategic intelligence collection on U.S. and South Korean foreign policy initiatives. 

By engaging targets over extended periods through rotating aliases and innocent conversations, TA427 builds rapport to solicit opinions and analysis, especially around foreign policy negotiation tactics. 

Leveraging customized, timely lure content and spoofing familiar DPRK researchers, TA427 requests targets share thoughts via email, papers, or articles rather than directly delivering malware or credential harvesting. 

This direct input approach may fulfill TA427’s intelligence requirements while the correspondence insights improve future targeting and connection building for additional engagement.

The goal appears to be augmenting North Korean intelligence to inform negotiation strategies.

Timeline of real-world events based on international press reporting (Source – ProofPoint)

Their lures include invitations to events on North Korean affairs, inviting perspectives on deterrence policies, nuclear programs, and possible conflicts.

The tactic involves moving conversations between email addresses, such as those of the individuals being targeted and of their workplaces.

TA427 masquerades as think tanks, non-governmental organizations (NGOs), media outlets, educational institutions, and governmental bodies, using DMARC abuse, typosquatting, and free email spoofing for legitimization.

A further tactic, seen from early February 2024, uses web beacons to perform reconnaissance on whether the victim’s email is active and on the recipient environment.

TA427 is one of the most frequently seen actors tracked by Proofpoint. It constantly adapts its modus operandi, infrastructure, and even personas to target experts, aiming to steal information or gain initial access for intelligence purposes rather than profit.
