North Korean hackers are said to be attempting to gather information on the US government’s nuclear security policy by disguising themselves as journalists and academics.
According to U.S. media such as the New York Times (NYT), Washington Post (WP), and Bloomberg News on the 28th (local time), Mandiant, a global cyber security company and Google Cloud partner, has reported that a North Korean cyber group has been attacking the U.S. and South Korean governments in recent months, disguising themselves as reporters from a specific media outlet to collect strategic information from institutions, academia, and think tanks.
According to Mandiant, hackers belonging to a group known as “APT43” masqueraded as reporters for the “Voice of America” broadcast and asked subject matter experts about nuclear security policy and arms proliferation.
Disguised as a VOA reporter, the hacker sent an anonymous expert a question asking, “Do you think Japan will increase its defense budget due to North Korea’s nuclear test?”
In addition, they pretended to be NYT recruiters and distributed fake e-mail attachments to those involved.
According to the WP, Bruce Klingner, a senior researcher at the Heritage Foundation and an expert on Northeast Asia, also received an email that appeared to come from Aidan Foster-Carter, an honorary senior researcher at the University of Leeds in the UK, asking if he could review the thesis of Jamie Kwong, a researcher at the Nuclear Policy Program at the Carnegie Endowment for International Peace.
Researcher Klingner readily agreed, and then began exchanging emails with Researcher Kwong about the thesis. Then, after he received an e-mail containing a suspicious link and forwarded it to the IT team, it was confirmed to be malicious. All of the emails he had received were traps. Neither Researcher Foster-Carter nor Researcher Kwong had contacted Researcher Klingner.
Sandra Joyce, Mandiant’s head of foreign intelligence, said she was very certain that the hacking group belonged to North Korea’s intelligence agency, the Reconnaissance General Bureau. “Anyone could be a victim. They are an incredibly innovative and fragmented group.”
Security experts said APT43 is adept at stealing personally identifiable information and using that data to create fake web accounts and register domains, Bloomberg reported.
Hackers have even offered to pay academics hundreds of dollars to write research papers on their behalf.
APT43 has also registered a series of web domains to appear legitimate, such as impersonating the Cornell University homepage, to increase trust, Mandiant said.
They also use malicious apps to generate cryptocurrencies and steal usernames and passwords to carry out espionage activities focused on international negotiations on nuclear policy, Bloomberg reported.
In this regard, APT43 is said to be involved in cryptocurrency theft and money laundering targeting ordinary users, not large cryptocurrency exchanges.
Bloomberg said, “The move to impersonate an American journalist came after another hacking group allegedly backed by the Kim Jong-un regime focused on the cryptocurrency sector.”
According to blockchain analytics firm Chainalysis, North Korean hacking groups stole about $1.7 billion worth of cryptocurrency last year.
(Washington = News 1)
Source: Donga
Mark Jones is a world traveler and journalist for News Rebeat. With a curious mind and a love of adventure, Mark brings a unique perspective to the latest global events and provides in-depth and thought-provoking coverage of the world at large.