{"id":2187,"date":"2022-08-05T08:00:08","date_gmt":"2022-08-05T08:00:08","guid":{"rendered":"https:\/\/www.nebrcentre.co.uk\/?p=2187"},"modified":"2022-08-05T08:00:08","modified_gmt":"2022-08-05T08:00:08","slug":"watch-out-cyber-spies","status":"publish","type":"post","link":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/watch-out-cyber-spies\/","title":{"rendered":"Watch Out: Cyber Spies\u00a0"},"content":{"rendered":"\n<p>Businesses and the IT teams should be aware of the following threat, which&nbsp;<a href=\"https:\/\/www.scmagazine.com\/brief\/threat-intelligence\/browser-extension-leveraged-for-stealthy-email-theft\">according to reports<\/a>,&nbsp;is seeing a&nbsp;North Korean based&nbsp;cyber&nbsp;organisation&nbsp;\u2013 identified as&nbsp;Kimusuky&nbsp;\u2013 using a malicious browser extension&nbsp;named \u2018Sharpext\u2019&nbsp;to steal emails from&nbsp;Gmail and AOL accounts.<\/p>\n\n\n\n<p>Attackers have reportedly been installing the malicious web extension after compromising a victim\u2019s system by installing a custom script that replaces the \u2018Preferences\u2019 files&nbsp;with ones installed from the malware command centre.<\/p>\n\n\n\n<p>A victim can be scrolling through their emails&nbsp;and&nbsp;reading important information, all of which is being stolen and read by&nbsp;third parties&nbsp;under their noses.&nbsp;The attack remains undetected as it gains access through an already&nbsp;logged-in&nbsp;session, which goes unnoticed by the email provider.<\/p>\n\n\n\n<p>No suspicious activity alerts&nbsp;are activated, meaning that victims are often completely unaware that their information has been accessed and stolen.&nbsp;Previously,&nbsp;Sharpext&nbsp;has been used in targeted attacks on foreign policy&nbsp;and individuals of strategic interest in Europe and other Western countries.<\/p>\n\n\n\n<p>However, this malware has been used against individuals and businesses alike, as information is stolen and potentially sold to third parties.&nbsp;This can include customer details, bank information, and important login information that can take down systems and put your finances at risk.<\/p>\n\n\n\n<p>To avoid falling victim&nbsp;update your teams to&nbsp;avoid downloading and installing web extensions that look suspicious and have not been directly recommended by Google and other trusted authorities.<\/p>\n\n\n\n<p>If you suspect that your systems have been infiltrated,&nbsp;scan your system with anti-virus software, and contact Action Fraud and the police to report an ongoing&nbsp;cyber crime.&nbsp;<\/p>\n\n\n\n<p>The NEBRC is a\u00a0not-for-profit\u00a0organisation that seeks to educate, inform, and\u00a0<a href=\"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/services\/\">support<\/a>\u00a0businesses across the UK\u00a0in\u00a0protecting themselves against\u00a0cyber crime\u00a0and fraud.\u00a0Why not sign up for our\u00a0<a href=\"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/core-membership-sign-up\/\">free core membership?<\/a>\u00a0You\u2019ll gain access to\u00a0<a href=\"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/resources\/\">free cyber security resources<\/a>\u00a0and a regular newsletter so you can stay up to date with the latest\u00a0guidance.\u00a0<strong>For\u00a0further\u00a0advice\u00a0on protecting your business\u00a0online, please\u00a0contact us at\u00a0<\/strong><a href=\"mailto:enquiries@nebrcentre.co.uk\"><strong>enquiries@nebrcentre.co.uk<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Businesses and the IT teams should be aware of the following threat, which&nbsp;according to reports,&nbsp;is seeing a&nbsp;North Korean based&nbsp;cyber&nbsp;organisation&nbsp;\u2013 identified as&nbsp;Kimusuky&nbsp;\u2013 using a malicious browser&#8230;<\/p>\n","protected":false},"author":1,"featured_media":2188,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[13],"tags":[],"class_list":["post-2187","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"acf":[],"_links":{"self":[{"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/posts\/2187","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/comments?post=2187"}],"version-history":[{"count":0,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/posts\/2187\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/media?parent=2187"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/categories?post=2187"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/tags?post=2187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}