North Korean hackers posed as NY Times, Voice of America staff


The group is particularly adept at stealing personally identifiable information and then using that data to create fake web accounts and register domains, security experts said. — Unsplash

Suspected North Korean hackers are posing as journalists and trying to gather intelligence about international officials’ approach to nuclear security policy and Kim Jong Un’s government, according to new research.

A prolific cyber-espionage group that’s targeted US and South Korean government organisations, academics and think tanks in recent months is using fabricated personas in order to collect strategic intelligence on behalf of North Korean leaders, according to findings published Tuesday by Mandiant, a threat intelligence unit of Google Cloud.

By masquerading as a journalist from Voice of America, a US-owned news network, members of the group known as APT43 are contacting subject-matter experts to inquire about nuclear security policy and weapons proliferation, researchers said. In a similar campaign revealed in March, Mandiant said suspected North Korean hackers also distributed a fake email attachment that appeared to be from a recruiter for the New York Times.

Mandiant is highly confident the group works on behalf of the Reconnaissance General Bureau, North Korea’s primary intelligence service, said Sandra Joyce, vice president and head of global intelligence.

"Anybody could be a victim of this," she said. "They're just incredibly innovative and a scrappy group.”

One message that appeared to be from a Voice of America correspondent asked an unnamed individual whether they expected Japan to increase its defense budget amid North Korean nuclear tests.

"I would be very grateful if you could send me your answers within five days,” the writer noted.

The group is particularly adept at stealing personally identifiable information and then using that data to create fake web accounts and register domains, security experts said. Hackers have also offered to pay scholars hundreds of dollars in exchange for writing a research paper on their behalf, Reuters reported.

APT43 also has registered a series of web domains meant to look like legitimate websites, including one page that impersonated Cornell University, meant to boost the credibility of the hackers’ cyber-espionage work, according to Mandiant. The same group has also uses malicious apps to generate cryptocurrency, steals usernames and passwords and conducts espionage focused on international negotiations about nuclear policy.

The move to impersonate US journalists comes after other hacking groups reportedly sponsored by Kim Jong Un’s government have intensely focused on the cryptocurrency sector. Hacking groups that US officials have linked to the North Korean government stole an estimated US$1.7bil in 2022, according to the blockchain analysis firm Chainalysis Inc. – Bloomberg

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

Exclusive-Amazon likely to face investigation under EU tech rules next year, sources say
US natgas producers chase AI-driven surge in power demand to weather low prices
Snowflake shares surge on rosy forecast, AI deal with Anthropic
Digital banks lead profitability gains among Brazilian lenders, says central bank
PayPal fixes outage that affected thousands worldwide
X's former top policy chief takes job with Elon Musk rival, Sam Altman
Alibaba integrates e-commerce platforms into a single business unit
US watchdog issues final rule to supervise Big Tech payments, digital wallets
Nvidia to build AI school in Indonesia, VP says
A Google PC running Android could be in the works

Others Also Read