Home of Lisa's Top Ten, the daily email that brings you the world.
North Korean Hacker Group Impersonates Journalists and Academics to Commit Espionage

Mandiant has graduated an espionage-focused North Korean hacking group to full APT status as its operators have targeted policymakers, think tanks and academics in the U.S., Japan, South Korea and Europe. (Image Source: narvikk via Getty Images)

A group of cyber spies believed to be backed by the North Korean government has been identified posing as journalists and academics to trick individuals into providing sensitive information that can be used for espionage. The group, identified as APT43, has been tracked for five years by Mandiant, Google Cloud's cybersecurity subsidiary.

Other firms refer to the group as "Kimsuky" or "Thallium." Mandiant's analysts have attributed activity to the group and have noted that APT43 has targeted South Korean and U.S. government organizations and think tanks that deal with North Korean geopolitical issues.

Additionally, the group engages in cybercrime to steal and launder cryptocurrency. The report reveals that APT43 spoofs the websites of legitimate organizations to trick its targets into giving out information. The group's fluidity in adapting to the needs of the regime and shifting its targeting accordingly has raised concerns among experts.

The primary method used by APT43 involves impersonating journalists or experts in phishing emails. The group aims to extract information from its targets by posing as a reporter or a think tank analyst. A common tactic is to ask experts and academics to answer questions related to North Korea, thereby collecting intelligence. The attackers often pretend to be well-known individuals in their respective fields, in order to build trust and rapport before requesting strategic analysis on specific topics. By using this approach, APT43 can easily deceive its victims into divulging sensitive information that can be used for spying.

According to Mandiant, there has been a shift in APT43's activities, with an increased focus on targeting the healthcare sector. The aim of these attacks is likely to gather information that can be used to support a North Korean response to COVID-19.
