Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Craig Hale

North Korean hackers are spoofing journalists to gather intelligence

North Korea

A joint cybersecurity advisory in the US has warned of North Korean state-sponsored cyber actors, who are said to be using social engineering to collect intelligence on geopolitical events, foreign policy strategies, and diplomatic efforts.

The warning comes from the Federal Bureau of Investigation (FBI), the US Department of State, the National Security Agency (NSA), the Republic of Korea’s National Intelligence Service (NIS), the National Police Agency (NPA), and the Ministry of Foreign Affairs (MOFA).

The alert, issued on 1 June 2023, describes cyber actors posing as journalists, academics, or other credible individuals, who are believed to be enabling computer network exploitation against individuals employed by research centers, think tanks, academic institutions, and news media organizations.

North Korean hacker attacks

In the report, the co-authors reveal sustained information-gathering efforts by North Korean cyber actors, observed by the governments of the US and South Korea.

It specifically calls out Kimsuky, which has been linked to North Korea’s Reconnaissance General Bureau (intelligence agency). The state-backed hacker group has been observed conducting “broad cyber campaigns in support of RGB objectives” for more than a decade.

Having used open-source information to identify targets, the co-authors explain how cyber actors “create email addresses that resemble email addresses of real individuals they seek to impersonate and generate domains that host the malicious content of a spearphishing message.”

Spoofed websites, portals, or mobile applications are also said to be employed for stealing credentials and other information that can be harvested by North Korean spies.

The FBI and its co-authors have issued a series of red flags, including innocuous-looking initial communications; legitimate content stolen from legitimate contacts; awkward structure and incorrect grammar; distinct Korean dialect; almost-believable email domains that are slightly different from a victim’s own, and other email spoofing. Malicious documents and persistent follow-ups are also features of the campaign.

Those who believe they could be at risk, including workers handling sensitive and government-linked information, are being urged to familiarize themselves with the full details of the potential scams by reading the full document.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.