Google says North Korea-backed hackers sought cyber research


Google says it believes hackers backed by the North Korean government have been posing as computer security bloggers and using fake accounts on social media while attempting to steal information from researchers in the field.

Google didn’t specify how successful the hackers were or what kind of information could have been compromised. Experts say the attacks reflect North Korea’s efforts to improve its cyber skills and to be able to breach widely used computer products, such as Google’s Chrome internet browser and Microsoft’s Windows 10 operating system.

While the country has denied involvement, North Korea has been linked to major cyberattacks, including a 2013 campaign that paralyzed the servers of South Korean financial institutions, the 2014 hacking of Sony Pictures, and the WannaCry malware attack of 2017.

The UN Security Council in 2019 estimated North Korea earned as much as $2 billion over several years through illicit cyber operations targeting cryptocurrency exchanges and other financial transactions, generating income that is harder to trace and offsets capital lost to US-led economic sanctions over its nuclear weapons program.

Adam Weidemann, a researcher from Google’s Threat Analysis Group, said in the online report published late Monday that hackers supposedly backed by North Korea created a fake research blog and multiple Twitter profiles to build credibility and interact with the security researchers they targeted.

North Korean leader Kim Jong Un in this image released June 7, 2020 by North Korea's Korean Central News Agency. (KCNA via Reuters)

After connecting with researchers, the hackers would ask whether they wanted to collaborate on cyber-vulnerability research and would then share a tool containing code designed to install malicious software on the targets’ computers, which would allow the hackers to take control of the device and steal information from it.

Several targeted researchers were compromised after following a Twitter link to a blog set up by the hackers, Weidemann said.

“At the time of these visits, the victim systems were running fully patched and up-to-date Windows 10 and Chrome browser versions,” Weidemann wrote. “At this time we’re unable to confirm the mechanism of compromise, but we welcome any information others might have.”

Google published a list of social media accounts and websites it said were controlled by the hackers, including 10 Twitter profiles and five LinkedIn profiles.

In 2018, US federal prosecutors charged a computer programmer working for the North Korean government over his alleged involvement in the cyberattacks that hacked Sony Pictures and unleashed the WannaCry ransomware virus. Park Jin Hyok, who is believed to be in North Korea, conspired to conduct attacks that also stole $81 million from Bangladesh’s central bank, according to the charges.

The 2014 Sony hack led to the release of tens of thousands of confidential Sony emails and business files. The WannaCry cyberattack in 2017 scrambled data on hundreds of thousands of computers at government agencies, banks and other businesses across the globe and crippled parts of the British health care system.
