Posted on January 28, 2021 at 2:16 PM
Google has revealed that North Korean-backed hackers have been camouflaging as computer security bloggers to steal information from researchers in the field. According to the report, the attack is a reflection of the country’s efforts to gain access to top computer products from the top technology firms in the world.
However, Google didn’t provide any information regarding the type of data the hackers have compromised or whether they were successful in their hacking mission.
Following the incident, North Korea quickly released a statement, denying its involvement in the attack. But the Asian country has been known to sponsor hacking groups to steal data from government and corporations. North Korea has been linked to several attacks dating back as far as 8 years ago.
The same group also responsible for the 2013 Sony Pictures hack
In 2013, the North Korean-sponsored hackers launched an attack on South Korean Financial institutions, which paralyzed some of their servers. The group was also linked to the 2014 hack of Sony Pictures. More recently, they were also responsible for the WannaCry malware attack that occurred in 2017.
A researcher at Google’s Threat Analysis Group Adam Weidemann stated that the threat actors allegedly opened several Twitter profiles and a bogus research blog to establish connection and credibility with the security researchers.
In 2019, the United Nations Security Council stated that North Korea has made about $2 billion in illegal cyber operations throughout the years. In some cases, they target financial institution, while in other cases they target government organizations. Most times, they use cryptocurrencies as a medium of payment for ransom, which is much difficult to trade the illicit transactions back to them.
The U.N. revelation also pointed out that the North Korean government is channeling these illegally acquired financial resources towards its nuclear weapons program.
Hackers sought partnership with researchers
After the hackers have established connections with the researchers, they sought to know whether the researchers are interested in a partnership for cyber-vulnerability research. The aim is to allow the researcher to share tools they can plant malicious software on their systems. Once the hackers are successful, it will enable them to control the device and steal sensitive data from the systems.
The report revealed that many researchers were affected after the hackers set up a Twitter link on one of the fake blogs, according to Weidemann.
He however added that the victims are now trying to patch up their compromised systems with updates on the browsers.
“[…], the victim systems were running fully patched and up-to-date Windows 10 and Chrome browser versions,” Weidemann stated.
He also admitted that the Google team was not able to ascertain the mechanism of the breach.
Google has also published a list of websites and social media accounts supposedly used by the hackers to carry out their hideous cyber crimes. Among the social media accounts, there were five LinkedIn profiles and 10 Twitter profiles on the list.
Simon Choi, senior analysts at South Korean security firm NSHC, stated that the North Korean-backed cyber attackers are now more efficient and sophisticated in their trade. According to him, the hackers have improved in their ability to identify and exploit vulnerabilities in computer security systems.
Threat group devising new strategies
In the past, the North Korean hackers were copycats of the Russian and Chinese hackers, but the group has improved and is now using their strategies to compromise computer systems, Choi noted.
The security systems of these researchers are designed with the latest security technologies, so it makes it difficult to penetrate them. However, the North Korean hackers have seen it to be more effective to steal the already discovered vulnerabilities by the researchers. This is because, for them, it will be more difficult to develop their own ways to exploit the systems.
In 2018, a computer programmer, Park Jin Hyok, believed to be working for the North Korean government was charged to court by U.S. federal prosecutors. They accused him of the role he played in the breach of Sony Pictures as well as for releasing the Wannacry ransomware.
The 2017 WannaCry data breach led to the compromise of data on thousands of computers at firms, banks, and government agencies all over the world.