North Korean cybercriminals have been linked to a large wave of
credential theft campaigns targeting researchers, educational
institutions, government, media and other organizations. Two campaigns
also focused on distributing malware that could be used to gather
intelligence.Security firm Proofpoint has linked the campaigns to a group they track called TA406 (also known as Kimsuky, Velvet Chollima, Thallium, Black Banshee, ITG16, and the Konni Group.Politicians, journalists and non-governmental organizations have been the victims of lengthy campaigns between January and June 2021. The attacks were carried out against targets in North America, Russia, China and South Korea.The...