North Korean hackers posed as NY Times, Voice of America staff

The group is particularly adept at stealing personally identifiable information and then using that data to create fake web accounts and register domains, security experts said. — Unsplash

Suspected North Korean hackers are posing as journalists and trying to gather intelligence about international officials’ approach to nuclear security policy and Kim Jong Un’s government, according to new research.

A prolific cyber-espionage group that’s targeted US and South Korean government organisations, academics and think tanks in recent months is using fabricated personas in order to collect strategic intelligence on behalf of North Korean leaders, according to findings published Tuesday by Mandiant, a threat intelligence unit of Google Cloud.

By masquerading as a journalist from Voice of America, a US-owned news network, members of the group known as APT43 are contacting subject-matter experts to inquire about nuclear security policy and weapons proliferation, researchers said. In a similar campaign revealed in March, Mandiant said suspected North Korean hackers also distributed a fake email attachment that appeared to be from a recruiter for the New York Times.

Mandiant is highly confident the group works on behalf of the Reconnaissance General Bureau, North Korea’s primary intelligence service, said Sandra Joyce, vice president and head of global intelligence.

"Anybody could be a victim of this," she said. "They're just incredibly innovative and a scrappy group.”

One message that appeared to be from a Voice of America correspondent asked an unnamed individual whether they expected Japan to increase its defense budget amid North Korean nuclear tests.

"I would be very grateful if you could send me your answers within five days,” the writer noted.

The group is particularly adept at stealing personally identifiable information and then using that data to create fake web accounts and register domains, security experts said. Hackers have also offered to pay scholars hundreds of dollars in exchange for writing a research paper on their behalf, Reuters reported.

APT43 also has registered a series of web domains meant to look like legitimate websites, including one page that impersonated Cornell University, meant to boost the credibility of the hackers’ cyber-espionage work, according to Mandiant. The same group has also uses malicious apps to generate cryptocurrency, steals usernames and passwords and conducts espionage focused on international negotiations about nuclear policy.

The move to impersonate US journalists comes after other hacking groups reportedly sponsored by Kim Jong Un’s government have intensely focused on the cryptocurrency sector. Hacking groups that US officials have linked to the North Korean government stole an estimated US$1.7bil in 2022, according to the blockchain analysis firm Chainalysis Inc. – Bloomberg

Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Next In Tech News

Bain Capital offers to take data center provider Chindata private
India cabinet approves $11 billion revival plan for state-owned BSNL
South Korea, Taiwan stocks bag huge foreign inflow in May on chip demand
Meta plans new overview for Facebook, Instagram users, German regulator says
Apple TV's next update will add FaceTime, dialogue-enhancement feature, remote finder and more
Comms ministry urges Telegram to meet with MCMC to avoid action
France braces for power demand surge driven by EVs, alternative fuels
Kardashian crypto hype lawsuit advances over her alleged lies
OpenAI CEO suggests international agency like UN's nuclear watchdog could oversee AI
‘How much is conscience worth?’: Chinese woman rejects birth parents who gave her up and want her to ‘get along’ with brother she has never met

Others Also Read