North Korea Hackers Seek Cyber Research Through Fake Social Media Accounts, Google Says

North Korea hackers backed by Pyongyang have been posing as security bloggers or even using fake social media accounts to achieve their goal. Photo by Jens Schlueter/Getty Images

Google, the American multinational technology company, said it believes that North Korean hackers backed by Pyongyang have been posing as security bloggers and using fake social media accounts in an attempt to steal information from researchers in the field.

The tech giant did not specify what kind of information the North Korean hackers were looking for or how successful they were.

According to the Associated Press, some experts said that the series of attacks reflects Pyongyang's efforts to improve its cyber skills.

They added that it is also a way of breaching widely used computer products, such as Microsoft's Windows 10 operating system and Google's Chrome internet browser.

North Korea Denies Hacking Allegations

Despite North Korea's denial, the Hermit state has been tagged in major cyberattacks, including the 2013 campaign wherein the servers of a financial institute in South Korea were paralyzed, the Sony Pictures hacking in 2014, and the 2017 WannaCry malware attack.

The Security Council of the United Nations in 2019 estimated that Pyongyang earned as much as $2 billion throughout the years with its illicit cyber operations.

These operations target cryptocurrency exchanges and other transactions in the financial world, generating income that is harder to trace and offsetting capital lost to the United States-led economic sanctions over its nuclear weapons program, ABC News reported.

Adam Weidemann, a member of Google's research division known as the Threat Analysis Group, said in an online report published late Monday that the North Korean hackers backed by Pyongyang created a fake research blog.

They also registered numerous Twitter accounts to build credibility and establish interactions with the security researchers they targeted.

Once the North Korean hackers had connected with the researchers, they would ask their targets whether they were up for a collaboration on cyber-vulnerability research.

They would also share a tool containing code designed to install malicious software on the computers of their targets. The malicious software would then allow them to control the device on which it was installed and steal information from it.

Weidemann also shared that several targets of the North Korean hackers had already been compromised after they followed a link on Twitter that redirected them to a blog set up by the hackers, Hindustan Times reported.

The researcher from Google's Threat Analysis Group also mentioned that the victims' systems were running fully patched and up-to-date Windows 10 and Chrome browser versions at the time of the said visits.

However, the group was not able to pinpoint the mechanism of compromise. It welcomes any information that others might have regarding the said attack.

The tech giant also published a list of social media accounts and websites suspected of being controlled by the hackers, including ten profiles on Twitter and five LinkedIn profiles.
