North Korea-backed hackers posed as computer security bloggers to steal information, Google says
Experts say country is working to improve its ability to perform cyber attacks
Google has said it believes hackers backed by the North Korean government have been posing as computer security bloggers and using fake accounts on social media as part of attempts to steal information from researchers in the field.
North Korea has been linked to a number of major cyberattacks in recent years, such as a 2013 campaign which paralysed the servers of South Korean financial institutions, the hacking of Sony Pictures in 2014, and the WannaCry malware attack of 2017, but has denied involvement.
The tech company did not specify this week how successful the hackers had been or what kind of information could have been compromised.
Experts have said the country is working to improve its cyber skills and its ability to breach widely-used computer products, such as Google’s Chrome internet browser and Microsoft’s Windows 10 operating system.
In an online report published late on Monday, Adam Weidemann, a researcher from Google’s Threat Analysis Group, said that hackers supposedly backed by North Korea created a fake research blog and multiple Twitter profiles to build credibility with security researchers.
After connecting with researchers, the hackers asked them if they wanted to collaborate on cyber-vulnerability research and shared a tool containing code designed to install malicious software on the targets’ computers.
This then allowed the hackers to take control of the device and steal information from it.
Mr Weidemann said several targeted researchers were compromised after following a Twitter link to a blog set up by the hackers.
“At the time of these visits, the victim systems were running fully patched and up-to-date Windows 10 and Chrome browser versions,” he wrote in the report.
“At this time we're unable to confirm the mechanism of compromise, but we welcome any information others might have.”
Google also published a list of social media accounts and websites it said were controlled by the hackers, including 10 Twitter profiles and five LinkedIn profiles.
In 2019, the UN Security Council estimated that North Korea had earned as much as $2bn (£1.46bn) over several years through illicit cyber operations targeting cryptocurrency exchanges and other financial transactions.
Simon Choi, a senior analyst at NSHC, a South Korean computer security firm, said cyberattacks linked to the country in recent years had demonstrated an improving ability in identifying and exploiting vulnerabilities in computer security systems.
“It's notable that the computer security experts on Twitter who said they were approached by the hackers had been engaged in vulnerability research for Chrome and Windows 10,” Mr Choi said.
“It's not that easy to successfully penetrate these systems that are built with the latest security technologies.
“For the North Koreans, it makes more sense to steal the vulnerabilities already discovered by the researchers because developing their own ways to exploit these systems is harder.”
He added that before 2016, North Korean hackers had mainly relied on methods used by hackers in China or Russia.
Additional reporting by AP