North Korean hackers recently utilized a Google Chrome extension to carry out a cyber espionage operation targeting South Korean individuals. The hack involved the installation of a fake translation program called “TRANSLATEXT” on victims’ devices, allowing the hackers access to personal data such as passwords and emails. The extension, disguised as a legitimate Google translation tool, was uploaded to the code-sharing platform GitHub under the name “GoogleTranslate.crx.”
The attack, which occurred in March 2024, was attributed to the Kimsuky hacking organization, a state-backed group known for gathering intelligence for the North Korean government. This group has been active since at least 2013, and has previously used malicious Chrome extensions to target individuals in the US, Europe, and South Korea.
In response to tensions on the Korean peninsula, North Korea recently escalated its actions by releasing balloons filled with garbage across the border in retaliation for anti-DPRK leaflets sent by South Korean activists. This comes amidst a series of incidents at the inter-Korean border, including South Korean troops firing warning shots at North Korean soldiers who allegedly crossed the Military Demarcation Line.
Furthermore, North Korea’s renewed partnership with Russia, as seen in a strategic agreement signed by Vladimir Putin and Kim Jong-un, has raised concerns in South Korea. The agreement includes a promise of military assistance in case of attack, prompting South Korea to warn that this partnership could destabilize peace and security on the Korean Peninsula.
This recent cyber espionage operation, in conjunction with the rising tensions and military incidents at the border, highlights the ongoing conflict between North and South Korea. The use of fake Chrome extensions to steal personal data underscores the sophistication and persistence of North Korean state-backed hacking groups in their efforts to gather intelligence and maintain control in the region.
Article Source
https://www.newsweek.com/north-korean-hackers-using-google-steal-passwords-1918745