Threat actor Kimsuky using rogue browser extensions to steal data from users’ Gmail Inboxes

Law enforcement agencies from South Korea and Germany have issued a red alert against a threat actor named Kimsuky for using rogue browser extensions to steal data from users’ Gmail inboxes.

In a joint statement, Germany’s domestic intelligence agency, the Federal Office for the Protection of the Constitution (BfV), and South Korea’s National Intelligence Service (NIS) warned that the attacks might be the work of the cyber units Kim Jong Un maintains on the web.

Kimsuky, also known as Thallium or Velvet Chollima, was assigned the task of collecting political intelligence. The group, also known as Black Banshee on the dark web, appears to have shifted its focus to South Korea recently, consistently targeting government think tanks, manufacturing firms, educational institutions and some prominent political figures.

Mandiant Threat Intelligence, now part of Alphabet Inc., Google’s parent company, first detected the shift in September last year.

Kimsuky has now moved on to nastier tactics, siphoning data from Gmail inboxes in a campaign titled ‘Stolen Pencil and SharpTongue’.
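The defensive check a practitioner would want here is a way to spot installed browser extensions that can even reach Gmail. The following is an added example, not code from the article or from any vendor named in it: it parses Chrome extension manifests (Manifest V2 or V3), evaluates their host match patterns against mail.google.com, and flags those that combine Gmail reach with cookie, request-interception or scripting permissions. The two manifests embedded below are constructed for the example, and the profile directory layout used by `scan_profile` (extensions/<id>/<version>/manifest.json) is an assumption about a typical Chrome profile.

```python
import json
from pathlib import Path

# Target mailbox host for this check (the article concerns Gmail).
TARGET_HOST = "mail.google.com"

# Extension APIs that let page access turn into data theft: cookies, request
# interception, injected scripts, tab URLs.
SENSITIVE_APIS = {"cookies", "webRequest", "webRequestBlocking",
                  "scripting", "tabs", "declarativeNetRequest"}


def pattern_covers(pattern, hostname):
    """Return True if a Chrome match pattern (scheme://host/path) covers hostname."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep:
        return False  # not a host pattern (e.g. an API permission name)
    host = rest.split("/", 1)[0]
    if host == "*":
        return True
    if host.startswith("*."):
        # "*.google.com" matches google.com and every subdomain of it.
        return hostname == host[2:] or hostname.endswith(host[1:])
    return hostname == host


def host_patterns(manifest):
    """Collect every host match pattern an MV2 or MV3 manifest requests."""
    patterns = set()
    # MV3 lists hosts under host_permissions; MV2 mixes them into permissions.
    for key in ("host_permissions", "permissions"):
        for entry in manifest.get(key, []):
            if isinstance(entry, str) and ("://" in entry or entry == "<all_urls>"):
                patterns.add(entry)
    # Content scripts carry their own match lists and run inside the page.
    for script in manifest.get("content_scripts", []):
        patterns.update(script.get("matches", []))
    return patterns


def api_permissions(manifest):
    """Return the non-host permissions (plain API names) from the manifest."""
    return {p for p in manifest.get("permissions", [])
            if isinstance(p, str) and "://" not in p and p != "<all_urls>"}


def flag_extension(manifest, target=TARGET_HOST):
    """Return a list of findings; an empty list means the extension cannot reach target."""
    findings = []
    reach = sorted(p for p in host_patterns(manifest) if pattern_covers(p, target))
    if not reach:
        return findings
    findings.append(f"can access {target} via host pattern(s): {', '.join(reach)}")
    risky = sorted(api_permissions(manifest) & SENSITIVE_APIS)
    if risky:
        findings.append(f"combines that access with sensitive API(s): {', '.join(risky)}")
    if any(pattern_covers(m, target) for s in manifest.get("content_scripts", [])
           for m in s.get("matches", [])):
        findings.append(f"injects a content script into {target}")
    return findings


def scan_profile(extensions_dir):
    """Walk <extensions_dir>/<id>/<version>/manifest.json and report flagged extensions."""
    report = {}
    for manifest_path in Path(extensions_dir).glob("*/*/manifest.json"):
        with open(manifest_path, encoding="utf-8") as fh:
            manifest = json.load(fh)
        findings = flag_extension(manifest)
        if findings:
            name = manifest.get("name", manifest_path.parent.parent.name)
            report[name] = findings
    return report


# Constructed sample manifests (not real extensions).
ROGUE_MANIFEST = {
    "manifest_version": 3, "name": "Mail Helper (constructed sample)",
    "permissions": ["cookies", "webRequest", "storage"],
    "host_permissions": ["https://*.google.com/*"],
    "content_scripts": [{"matches": ["https://mail.google.com/*"], "js": ["inject.js"]}],
}
BENIGN_MANIFEST = {
    "manifest_version": 3, "name": "Note Taker (constructed sample)",
    "permissions": ["storage"],
    "host_permissions": ["https://example.com/*"],
}

if __name__ == "__main__":
    for m in (ROGUE_MANIFEST, BENIGN_MANIFEST):
        print(m["name"], "->", flag_extension(m) or "no findings")
```

Host patterns alone are not proof of malice: a legitimate mail add-on needs the same access. The point of the check is to produce a short list of extensions worth a manual review of what their scripts actually do.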

More concerning still, the group has also started taking control of mobile accounts tied to Gmail accounts compromised in earlier phishing attacks, and installing malicious apps on the devices linked to those accounts.

In a related story, Guardio, an Israel-based digital security firm, found that some threat actors had begun using ChatGPT to generate Google Chrome extensions that steal Facebook session cookies. The stolen cookies were encrypted and sent to remote servers, locking the legitimate user out of their account.

More details will be published as soon as they are confirmed!


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security