North Korea-backed hackers posed as computer security bloggers to steal information, Google says

Experts say country is working to improve its ability to perform cyber attacks

Conrad Duncan
Wednesday 27 January 2021 17:14
Google has not yet said how successful the hackers were in stealing information or what information may have been stolen

Google has said it believes hackers backed by the North Korean government have been posing as computer security bloggers and using fake accounts on social media as part of attempts to steal information from researchers in the field.

North Korea has been linked to a number of major cyberattacks in recent years, such as a 2013 campaign which paralysed the servers of South Korean financial institutions, the hacking of Sony Pictures in 2014, and the WannaCry malware attack of 2017, but has denied involvement.

The tech company did not specify this week how successful the hackers had been or what kind of information could have been compromised.

Experts have said the country is working to improve its cyber skills and its ability to breach widely-used computer products, such as Google’s Chrome internet browser and Microsoft’s Windows 10 operating system.

In an online report published late on Monday, Adam Weidemann, a researcher from Google’s Threat Analysis Group, said that hackers supposedly backed by North Korea created a fake research blog and multiple Twitter profiles to build credibility with security researchers.

After connecting with researchers, the hackers asked them if they wanted to collaborate on cyber-vulnerability research and shared a tool that contained code designed to install malicious software on the targets’ computers.

This then allowed the hackers to take control of the device and steal information from it.

Mr Weidemann said several targeted researchers were compromised after following a Twitter link to a blog set up by the hackers.

“At the time of these visits, the victim systems were running fully patched and up-to-date Windows 10 and Chrome browser versions,” he wrote in the report.

“At this time we're unable to confirm the mechanism of compromise, but we welcome any information others might have.”

Google also published a list of social media accounts and websites it said were controlled by the hackers, including 10 Twitter profiles and five LinkedIn profiles.

In 2019, the UN Security Council estimated that North Korea had earned as much as $2bn (£1.46bn) over several years through illicit cyber operations targeting cryptocurrency exchanges and other financial transactions.

Simon Choi, a senior analyst at NSHC, a South Korean computer security firm, said cyberattacks linked to the country in recent years had demonstrated an improving ability to identify and exploit vulnerabilities in computer security systems.

“It's notable that the computer security experts on Twitter who said they were approached by the hackers had been engaged in vulnerability research for Chrome and Windows 10,” Mr Choi said.

“It's not that easy to successfully penetrate these systems that are built with the latest security technologies.

“For the North Koreans, it makes more sense to steal the vulnerabilities already discovered by the researchers because developing their own ways to exploit these systems is harder.”

He added that before 2016, North Korean hackers had mainly relied on methods used by hackers in China or Russia.

Additional reporting by AP
