Using Fake SNS Accounts to Approach Overseas Security Researchers
[Image: Fake social network service (SNS) accounts used by North Korea to hack computers of overseas cybersecurity researchers. Source: Google Threat Analysis Group Blog]
[Asia Economy Reporter Kim Suhwan] A report has emerged that North Korea created fake social networking service (SNS) accounts to approach overseas cybersecurity experts and attempted to steal their hacking skills.
According to foreign media reports on the 26th (local time), Google's Threat Analysis Group (TAG) revealed that North Korean hackers posed as cybersecurity bloggers to approach security researchers and attempted to hack them. Google TAG stated, "North Korean hackers created fake SNS accounts posing as cybersecurity experts on platforms such as Twitter, LinkedIn, and Telegram," adding, "They used these accounts to approach overseas security experts by proposing joint research on security vulnerabilities." Google estimates that these hacking attempts were carried out by the Lazarus Group, a hacking unit closely linked to the North Korean government.
After approaching cybersecurity researchers in this way, North Korea sent programs to the researchers who accepted the 'joint research,' Google TAG reported. These programs contained malware, through which the hackers reportedly attempted to compromise the security researchers' computers. Adam Weidemann, a senior researcher at Google TAG, said, "In addition to these programs, we also found attempts to lure security researchers to access specific blogs to implant malware," adding, "Investigations revealed that some security researchers who downloaded programs sent by North Korean hackers or visited their blogs had their computers compromised."
Analysis suggests that the purpose of these North Korean hacking attempts was to steal the hacking skills of cybersecurity researchers. By directly accessing the researchers' computers, they aimed to steal their research data. The U.S. IT media outlet ZDNet reported, "North Korea likely intended to use the stolen data to develop their own cyber hacking capabilities."
Along with the announcement, Google disclosed the SNS accounts and blog websites suspected to have been used by the hackers.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.

