Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

North Korea-backed hackers posed as computer security bloggers to steal information, Google says

Experts say country is working to improve its ability to perform cyber attacks

Conrad Duncan
Wednesday 27 January 2021 12:14 EST
Comments
Google has not yet said how successful the hackers were in stealing information or what information may have been stolen
Google has not yet said how successful the hackers were in stealing information or what information may have been stolen (AFP via Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Google has said it believes hackers backed by the North Korean government have been posing as computer security bloggers and using fake accounts on social media as part of attempts to steal information from researchers in the field.

North Korea has been linked to a number of major cyberattacks in recent years, such as a 2013 campaign which paralysed the servers of South Korean financial institutions, the hacking of Sony Pictures in 2014, and the WannaCry malware attack of 2017, but has denied involvement.

The tech company did not specify this week how successful the hackers had been or what kind of information could have been compromised.

Experts have said the country is working to improve its cyber skills and its ability to breach widely-used computer products, such as Google’s Chrome internet browser and Microsoft’s Windows 10 operating system.

In an online report published late on Monday, Adam Weidemann, a researcher from Google’s Threat Analysis Group, said that hackers supposedly backed by North Korea created a fake research blog and multiple Twitter profiles to build credibility with security researchers.

After connecting with researchers, the hackers asked them if they wanted to collaborate on cyber-vulnerability research and share a tool that contained a code designed to install malicious software on the targets’ computers.

This then allowed the hackers to take control of the device and steal information from it.

Mr Weidemann said several targeted researchers were compromised after following a Twitter link to a blog set up by the hackers.

“At the time of these visits, the victim systems were running fully patched and up-to-date Windows 10 and Chrome browser versions,” he wrote in the report.

“At this time we're unable to confirm the mechanism of compromise, but we welcome any information others might have.”

Google also published a list of social media accounts and websites it said were controlled by the hackers, including 10 Twitter profiles and five LinkedIn profiles.

In 2019, the UN Security Council estimated that North Korea had earned as much as $2bn (£1.46bn) over several years through illicit cyber operations targeting cryptocurrency exchanges and other financial transactions.

Simon Choi, a senior analyst at NSHC, a South Korean computer security firm, said cyberattacks linked to the country in recent years had demonstrated an improving ability in identifying and exploiting vulnerabilities in computer security systems.

“It's notable that the computer security experts on Twitter who said they were approached by the hackers had been engaged in vulnerability research for Chrome and Windows 10,” Mr Choi said.

“It's not that easy to successfully penetrate these systems that are built with the latest security technologies.

“For the North Koreans, it makes more sense to steal the vulnerabilities already discovered by the researchers because developing their own ways to exploit these systems is harder”

He added that before 2016, North Korean hackers had mainly relied on methods used by hackers in China or Russia.

Additional reporting by AP

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in