Secnic Consultancy

STOLEN PENCIL Targets Academic Institutions

A new campaign, probably originating from the Democratic People’s Republic of Korea, has been targeting academic institutions since at least May 2018.

Dubbed “STOLEN PENCIL,” the spear-phishing campaign delivers emails that send unsuspecting users to a website displaying a document. The page tricks them into installing a malicious Google Chrome extension, which the threat actors then use to scavenge for credentials.

“In keeping with tried and true ways, the operators behind the STOLEN PENCIL campaign used spear-phishing as their initial intrusion vector,” the report notes. “A target of STOLEN PENCIL receives a spear-phishing message containing a link to at least one of many domains controlled by the threat actor.”

Once the attackers gain a foothold, they use Microsoft’s Remote Desktop Protocol (RDP) for remote point-and-click access. This tactic indicates that a human operator, rather than a remote access Trojan (RAT) talking to a command-and-control server, is behind the keyboard interacting with the compromised system. The threat actors then use RDP to maintain persistence.

Additionally, the attackers rely on built-in Windows administrator tools and other commercial software to sustain the attack. Once they have compromised the victim’s system, they harvest passwords from multiple ready-made sources, such as process memory, web browsers, network sniffing and keylogging. Researchers have not yet seen any evidence of data theft, which has left them unable to determine the attackers’ motivation; however, many of the victims were experts in biomedical engineering.

“Using a mixture of purloined passwords, backdoor accounts, and a forced-open RDP service, the threat actors are likely to retain a footing on a compromised system,” the analysis team wrote.
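The persistence pattern described above (a backdoor account combined with a forced-open RDP service) leaves a recognisable trail in the Windows Security log. The following added example, which is not part of the original article or of the researchers’ report, correlates a few constructed audit events to surface two signals a defender would want: an RDP logon by an account created only days earlier, and an RDP logon from an address outside the organisation’s internal ranges. The event IDs are the standard Windows ones (4720 for account creation, 4624 with LogonType 10 for an RDP logon); the events, user names, IP addresses and internal ranges are all constructed for the example.

```python
"""
Added example, not from the original article or the researchers' report:
correlate constructed Windows Security audit events to surface the
persistence pattern described above (a backdoor account that later logs in
over RDP), plus RDP logons from outside the organisation's address space.

Event IDs are the standard Windows Security log IDs:
  4720 = a user account was created
  4624 = an account was successfully logged on
         (LogonType 10 = RemoteInteractive, i.e. RDP)
The events, user names, IPs and internal ranges below are all constructed.
"""
from datetime import datetime, timedelta
import ipaddress

# Constructed sample events: (timestamp, event_id, event fields)
SAMPLE_EVENTS = [
    ("2018-05-14T09:12:00", 4624, {"TargetUserName": "jdoe", "LogonType": 10, "IpAddress": "10.0.0.5"}),
    ("2018-05-14T22:41:10", 4720, {"TargetUserName": "svc_backup", "SubjectUserName": "jdoe"}),
    ("2018-05-15T01:03:22", 4624, {"TargetUserName": "svc_backup", "LogonType": 10, "IpAddress": "203.0.113.7"}),
    ("2018-05-15T08:00:00", 4624, {"TargetUserName": "jdoe", "LogonType": 2, "IpAddress": "-"}),
]

# Constructed: address ranges the organisation treats as internal.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]


def _by_time(events):
    """Events sorted chronologically so creation is always seen before later logons."""
    return sorted(events, key=lambda e: datetime.fromisoformat(e[0]))


def new_account_rdp_logons(events, window_days=7):
    """Flag RDP logons by accounts that were created at most `window_days` earlier.
    Returns a list of alert dicts (user, created_by, created, logon, source_ip)."""
    created = {}  # user -> (creation time, account that created it)
    alerts = []
    for ts, eid, f in _by_time(events):
        t = datetime.fromisoformat(ts)
        if eid == 4720:
            created[f["TargetUserName"]] = (t, f.get("SubjectUserName"))
        elif eid == 4624 and f.get("LogonType") == 10:
            user = f["TargetUserName"]
            if user in created:
                ctime, creator = created[user]
                if t - ctime <= timedelta(days=window_days):
                    alerts.append({
                        "user": user,
                        "created_by": creator,
                        "created": ctime.isoformat(),
                        "logon": ts,
                        "source_ip": f.get("IpAddress"),
                    })
    return alerts


def external_rdp_logons(events, internal_nets=INTERNAL_NETS):
    """Flag RDP logons whose source address lies outside the internal ranges."""
    alerts = []
    for ts, eid, f in _by_time(events):
        if eid != 4624 or f.get("LogonType") != 10:
            continue
        try:
            ip = ipaddress.ip_address(f.get("IpAddress", ""))
        except ValueError:
            continue  # "-" or missing address: no network source to judge
        if not any(ip in net for net in internal_nets):
            alerts.append({"user": f["TargetUserName"], "logon": ts, "source_ip": str(ip)})
    return alerts


if __name__ == "__main__":
    for a in new_account_rdp_logons(SAMPLE_EVENTS):
        print("new account used over RDP:", a)
    for a in external_rdp_logons(SAMPLE_EVENTS):
        print("RDP logon from external address:", a)
```

On the sample data only `svc_backup` is flagged by both rules: it was created by `jdoe` a few hours before its first RDP logon, and that logon came from an address outside the internal ranges. The console logon (LogonType 2) and the RDP logon from the internal address are left alone, which is the point of correlating account creation with logon type and source rather than alerting on every 4624.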

While the tactics and procedures of the threat actors are quite basic and rely on off-the-shelf tools, they spent a lot of time on reconnaissance. In addition, the operators also demonstrated poor OPSEC and exposed their Korean language in both the websites they viewed and their keyboard selections.
