"Stolen Pencil" data espionage campaign targets professors
Hackers are targeting academics, particularly those with biomedical engineering backgrounds, in what looks like an espionage campaign aimed at stealing data. Arbor Networks' ASERT team, which discovered the activity, has dubbed the actors "Stolen Pencil."
Why it matters: Universities are gold mines of intellectual property. But ASERT notes that it found no evidence that any data was actually taken, so the purpose of the attacks remains unclear.
Details: Victims were sent links to a malicious browser extension that, once installed, opened a covert connection from the victim's system back to the attackers. Using that foothold, the hackers uploaded a set of tools to harvest passwords from the compromised machines.
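Because the initial foothold here was a browser extension rather than a conventional dropper, one practical check is to inventory installed extensions and flag any that request the broad permissions a credential-stealing extension would need. The script below is an added example, not code from the ASERT report or from the Stolen Pencil toolkit; the extension directory layout it walks (one folder per extension id, one folder per version, each holding a manifest.json) is Chrome's, the two sample manifests are constructed for the demonstration, and the set of "high-risk" permissions is this example's own choice.

```python
"""Flag Chrome/Chromium extensions that request high-risk permissions.

Added example for the Stolen Pencil write-up; not from the ASERT report.
It walks a profile's Extensions directory and flags any extension whose
manifest asks for permissions that would let it reach every site, read
cookies, intercept requests, or talk to a native host, i.e. the kind of
access a malicious extension used as a foothold would need.
"""
import json
import os
import tempfile

# Permissions that give an extension broad reach (this example's own list).
HIGH_RISK = {"webRequest", "webRequestBlocking", "nativeMessaging",
             "cookies", "debugger", "proxy", "management"}
# Host-permission patterns that match every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def risky_permissions(manifest: dict) -> set:
    """Return the subset of a manifest's permissions that are high-risk."""
    perms = set(manifest.get("permissions", []))
    # Manifest V3 moves host patterns into host_permissions; V2 mixes them in.
    perms |= set(manifest.get("host_permissions", []))
    return {p for p in perms if p in HIGH_RISK or p in BROAD_HOSTS}


def scan_extensions(ext_root: str) -> dict:
    """Map extension id -> (name, sorted risky permissions) for flagged extensions."""
    findings = {}
    if not os.path.isdir(ext_root):
        return findings
    for ext_id in sorted(os.listdir(ext_root)):
        ext_dir = os.path.join(ext_root, ext_id)
        if not os.path.isdir(ext_dir):
            continue
        # Chrome keeps each installed version in its own subdirectory.
        for version in sorted(os.listdir(ext_dir)):
            path = os.path.join(ext_dir, version, "manifest.json")
            if not os.path.isfile(path):
                continue
            with open(path, encoding="utf-8") as fh:
                manifest = json.load(fh)
            risky = risky_permissions(manifest)
            if risky:
                findings[ext_id] = (manifest.get("name", "<unnamed>"), sorted(risky))
    return findings


def build_sample_profile() -> str:
    """Constructed sample data: two extensions in a temporary Extensions folder."""
    root = tempfile.mkdtemp()
    samples = {
        # A benign-looking extension with a narrow host scope.
        "aaaa": {"name": "Notes", "manifest_version": 3,
                 "permissions": ["storage"],
                 "host_permissions": ["https://example.com/*"]},
        # An extension asking for the access a data-stealer would need.
        "bbbb": {"name": "PDF Helper", "manifest_version": 2,
                 "permissions": ["<all_urls>", "webRequest", "cookies", "storage"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = os.path.join(root, ext_id, "1.0_0")
        os.makedirs(version_dir)
        with open(os.path.join(version_dir, "manifest.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return root


if __name__ == "__main__":
    for ext_id, (name, perms) in scan_extensions(build_sample_profile()).items():
        print(f"{ext_id} ({name}): {', '.join(perms)}")
```

To run it against a real profile, point `scan_extensions` at the profile's Extensions folder (for example `~/.config/google-chrome/Default/Extensions` on Linux or `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions` on Windows). A flagged extension is a lead, not a verdict: many legitimate extensions request `<all_urls>`, so the next step is to compare the extension id against what the user actually installed from the store.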
Attribution: There is some evidence pointing to North Korea, although not enough to attribute the attacks with confidence.
- During one session, a hacker changed the keyboard layout to Korean.
- Some of the web addresses that can be linked to the hackers specifically mention North Korea.
- The toolkit included software specifically designed to steal Ethereum cryptocurrency, which fits the Kim Jong-un regime's use of cryptocurrency theft and other financially motivated attacks to offset sanctions.