North Korean Hackers Impersonate Journalists to Gather Sensitive Data on Nuclear Security Policy
Date
3/30/2023 4:07:56 AM
(MENAFN) According to Mandiant, a cybersecurity firm and a subsidiary of Google, a cyber-espionage group connected with North Korea, called APT43, has been using fake journalist personas to gather sensitive information on nuclear security policy. Mandiant released a report on Tuesday indicating that APT43 had been active in recent months, posing as journalists to contact organizations, academics, and think tanks mainly in the US and South Korea. The group has attempted to collect information on nuclear security policy and weapons proliferation by enquiring about these topics.
Mandiant's research found that the hackers used "creating numerous spoofed and fraudulent, but convincing personas" and leveraged stolen personally identifiable information to create accounts and register domains meant to look like legitimate websites, boosting the credibility of the group's cyber-espionage work. In one instance cited in the report, APT43 contacted experts by posing as Voice of America journalists. One message from an individual posing as a Voice of America correspondent asked an unnamed individual about their expectations for Japan's defense budget amid North Korean nuclear tests. The writer requested a response within five days.
Mandiant revealed a similar campaign in March, where suspected North Korean hackers distributed a fake email attachment that appeared to be from a recruiter for the New York Times. The firm's vice president and head of global intelligence, Sandra Joyce, noted that "anybody could be a victim of this. They're just incredibly innovative and a scrappy group."
Mandiant further mentioned that it tracks various activities throughout the year, but may not always have enough evidence to attribute them to a specific group. However, as the firm continues to observe more activity over time and its understanding of related threat clusters evolves, it may be able to name the threat actor, as it did with APT43.
MENAFN30032023000045012476ID1105905464
Legal Disclaimer:
MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.