North Korean hackers posed as NY Times, Voice of America staff


The group is particularly adept at stealing personally identifiable information and then using that data to create fake web accounts and register domains, security experts said. — Unsplash

Suspected North Korean hackers are posing as journalists and trying to gather intelligence about international officials’ approach to nuclear security policy and Kim Jong Un’s government, according to new research.

A prolific cyber-espionage group that’s targeted US and South Korean government organisations, academics and think tanks in recent months is using fabricated personas in order to collect strategic intelligence on behalf of North Korean leaders, according to findings published Tuesday by Mandiant, a threat intelligence unit of Google Cloud.

By masquerading as a journalist from Voice of America, a US-owned news network, members of the group known as APT43 are contacting subject-matter experts to inquire about nuclear security policy and weapons proliferation, researchers said. In a similar campaign revealed in March, Mandiant said suspected North Korean hackers also distributed a fake email attachment that appeared to be from a recruiter for the New York Times.

Mandiant is highly confident the group works on behalf of the Reconnaissance General Bureau, North Korea’s primary intelligence service, said Sandra Joyce, vice president and head of global intelligence.

"Anybody could be a victim of this," she said. "They're just incredibly innovative and a scrappy group.”

One message that appeared to be from a Voice of America correspondent asked an unnamed individual whether they expected Japan to increase its defense budget amid North Korean nuclear tests.

"I would be very grateful if you could send me your answers within five days,” the writer noted.

The group is particularly adept at stealing personally identifiable information and then using that data to create fake web accounts and register domains, security experts said. Hackers have also offered to pay scholars hundreds of dollars in exchange for writing a research paper on their behalf, Reuters reported.

APT43 also has registered a series of web domains meant to look like legitimate websites, including one page that impersonated Cornell University, meant to boost the credibility of the hackers’ cyber-espionage work, according to Mandiant. The same group has also uses malicious apps to generate cryptocurrency, steals usernames and passwords and conducts espionage focused on international negotiations about nuclear policy.

The move to impersonate US journalists comes after other hacking groups reportedly sponsored by Kim Jong Un’s government have intensely focused on the cryptocurrency sector. Hacking groups that US officials have linked to the North Korean government stole an estimated US$1.7bil in 2022, according to the blockchain analysis firm Chainalysis Inc. – Bloomberg

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

Poco launches its C75 smartphone (priced from RM499) and Poco Pad (from RM1,399) in Malaysia
Chinese social media buzzes with admiration for Trump’s comeback
In this US school district, some parents are pushing back against a cellphone ban
After Trump took the lead, election deniers went suddenly silent
Australia moves to ban children under 16 from social media
South Korea fights deepfake porn with tougher punishment and regulation
PlayStation 5 Pro goes on sale, will gamers pay hefty price to play?
Roblox will ban kids under 13 from ‘social hangouts’
This robot can fold laundry
Canada orders TikTok’s Canadian business to be dissolved but won’t block app

Others Also Read