North Korean hackers posed as The New York Times, Voice of America staff

A message that appeared to be from a Voice of America correspondent asked an expert whether they expected Japan to increase its defence budget amid North Korean nuclear tests. PHOTO: REUTERS
Updated
Mar 29, 2023, 06:27 PM
Published
Mar 29, 2023, 02:49 AM

NEW YORK – Suspected North Korean hackers are posing as journalists and trying to gather intelligence about international officials’ approach to nuclear security policy and Kim Jong Un’s government, according to new research. 

A prolific cyber-espionage group that hass targeted the United States and South Korean government organisations, academics and think-tanks in recent months, is using fabricated personas in order to collect strategic intelligence on behalf of North Korean leaders, according to findings published on Tuesday by Mandiant, a threat intelligence unit of Google Cloud. 

By masquerading as a journalist from Voice of America, a US-owned news network, members of the group known as APT43 are contacting subject-matter experts to inquire about nuclear security policy and weapons proliferation, researchers said.

In a similar campaign revealed in March, Mandiant said suspected North Korean hackers also distributed a fake email attachment that appeared to be from a recruiter for the New York Times. 

Mandiant is highly confident the group works on behalf of the Reconnaissance General Bureau, North Korea’s primary intelligence service, said Ms Sandra Joyce, vice-president and head of global intelligence. 

“Anybody could be a victim of this,” she said.

“They’re just incredibly innovative and a scrappy group.” 

One message that appeared to be from a Voice of America correspondent asked an unnamed individual whether they expected Japan to increase its defence budget amid North Korean nuclear tests.

“I would be very grateful if you could send me your answers within five days,” the writer noted. 

More On This Topic
Crypto 'mixer' used by North Korean hackers is slapped with US sanctions
How North Korea became a mastermind of crypto cyber crime

The group is particularly adept at stealing personally identifiable information and then using that data to create fake web accounts and register domains, security experts said.

Hackers have also offered to pay scholars hundreds of dollars in exchange for writing a research paper on their behalf, Reuters reported. 

APT43 also has registered a series of web domains meant to look like legitimate websites, including one page that impersonated Cornell University, meant to boost the credibility of the hackers’ cyber-espionage work, according to Mandiant.

The same group has also used malicious apps to generate cryptocurrency, steal usernames and passwords, and conduct espionage focused on international negotiations about nuclear policy. 

The move to impersonate US journalists comes after other hacking groups reportedly sponsored by Kim Jong Un’s government have intensely focused on the cryptocurrency sector.

Hacking groups that US officials have linked to the North Korean government stole an estimated US$1.7 billion (S$2.3 billion) in 2022, according to the blockchain analysis firm Chainalysis. BLOOMBERG

More On This Topic
North Korean hackers known as Lazarus Group suspected in S$139m Harmony heist
North Korean cyber spies deploy new tactic: Tricking experts into writing research for them

Join ST's Telegram channel and get the latest breaking news delivered to you.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top