North Korean hackers target U.S. entities amid stalled denuclearization talks - CyberScoop

North Korean hackers target U.S. entities amid stalled denuclearization talks - CyberScoop: A hacking group with ties to North Korea has been targeting U.S. entities with malicious documents as it works to hide its tracks better, according to research from Maryland-based cybersecurity firm Prevailion. The group has started placing its malware in obscure file formats, namely Kodak FlashPix (FPX) files, to evade antivirus detection products, according to Danny Adamitis, Prevailion’s director of intelligence analysis. The FPX files are embedded in Microsoft Word documents that are sent to victims, which are then launched via macro commands. Since FPX file formats are less likely to be detected than standard Visual Basic for Applications (VBA) files, Adamitis believes the North Korean hackers are exploiting that gap to push their attacks past anti-virus detection. Prevailion links — with moderate confidence — the action to a group known as Kimsuky or Smoke Screen. The attackers have been sending trojanized documents to victims that discuss nuclear deterrence, North …

explicita