On the evening of the 25th January 2021, Google’s Threat Analysis Group published details of attributed by them to “a government-backed entity based in North Korea”. a campaign targeting security researchers Google described the attack as using a “novel social engineering method”. Social engineering usually describes attacks that target the human factors of computer security, such as by using phishing emails or phone call impersonation. Whilst highly-competent security experts may consider themselves at reduced risk to such attacks, the successful use of these techniques against eminent security researchers shows how competent and manipulative the attackers responsible are. Alejandro Caceres, who was targeted by this attack, the attacker was vetted by a friend and was able to use a novel software vulnerability (known as a ) to engage his interest. Upon finding out the attack was attributed to North Korean hackers, he wrote : “I'm mad I fell for it now.” tweeted that zero-day in a subsequent tweet Kim Crawley, an information security writer, commented in the wake of Google’s blog post that , stating: “We must have humility.” security researchers shouldn’t assume immunity to such attacks Google also documented a technically sophisticated attack whereby a researcher was compromised simply by following a link from Twitter to a malicious blog, despite the fact that the "victim systems were running fully patched and up-to-date Windows 10 and Chrome browser versions". Google stated they were “unable to confirm the mechanism of compromise” but welcomed further information and noted that vulnerabilities of their browser are “eligible for reward payout” under Chrome's Vulnerability Reward Program. Ironically, in recent years, North Korea has made some academic contributions in computer science. One example can be found in a paper in November 2020. In a from 2017, the academic authors used North Korean email addresses whilst an author associated with PGItech Corp in Pyongyang used an email address served by Alibaba, a Chinese internet company. In the published version, the academic authors instead used Gmail and Outlook email addresses whilst the author affiliated with PGItech Corp continued to use the same Alibaba email address. published by the American Institute of Mathematical Sciences preprint version of the paper star-co.net.kp North Korea’s small internet footprint can deceive some cybersecurity researchers into underestimating it as a threat. Recorded Future reported that networks increased 300% from 2017 to 2019, but overall usage remains small. This may seem at odds to the reports that the DPRK as part of groups like Bureau 121, but great effort is taken to obfuscate hacking activity by North Korea. internet activity from North Korean has an army of over 6000 hackers Group-IB reported in 2017 that the infamous Lazarus hacker group to North Korea internet space through three layers of complex obfuscation. The group is considered an and is attributed with attempting to steal $1bn from the Central Bank of Bangladesh in 2016 and the attack on Sony Pictures in 2014. could be traced back Advanced Persistent Threat Other than technical obfuscation, research from HP in 2015 claims can be traced to a North Korean operated hotel in Shenyang, China. This corroborates , a computer science professor who defected from North Korea. Kim further stated that: "Bureau 121 began its large-scale operation in China in 2005. It was established in the late 90s." a large Bureau 121 outpost claims by Kim Heung-kwang North Korea has long obfuscated its malicious online activity through both technical measures and outposts. As the regime has increasingly had to turn cybercrime to obtain foreign currency, its online activity has become increasingly homogeneous with the broader internet. North Korean computer scientists are able to use Western webmail services like Outlook and Gmail whilst their hackers are able to manipulate and exploit eminent security researchers on social networks like Twitter. Needless to say, cyber security organisations and researchers will need to keep abreast of this increasing homogeneity to continue to monitor cyber security threats from North Korea.

Google

Sony

Twitter

2022 - HackerNoon Contributor of the Year - Code

2022 - HackerNoon Contributor of the Year - Coding Skills

2022 - HackerNoon Contributor of the Year - Software Architecture

Personal Site

Nominated for 2022 - HackerNoon Contributor of the Year - Coding Skills

Nominated for 2022 - HackerNoon Contributor of the Year - Software Architecture

Nominated for 2022 - HackerNoon Contributor of the Year - Code

Too Long; Didn't Read

Questions about cloud security? Get answers here.

North Korean Hackers Hide in Plain Sight

North Korean Hackers Hide in Plain Sight

Too Long; Didn't Read

People Mentioned

Companies Mentioned

Dr Junade Ali

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

North Korean Hackers Hide in Plain Sight

Too Long; Didn't Read

People Mentioned

Companies Mentioned

Dr Junade Ali

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES