North Korean cyber spies are using new tactics. Instead of planting different kinds of malware, they are approaching their targets with requests to write research articles or provide expert commentaries.
Of course, everything is still being done in total secrecy. Pretending to be someone else is a traditional way to gain the trust of an unsuspecting hacking victim. Usually, hackers use this strategy to retrieve passwords for secured systems, or to plant malware that gathers intelligence data from affected computers or even forces them to become nodes in wide-scale botnets.
New trend of cyber-spying
The latest trend goes beyond the ‘classics’. According to a Reuters report, spies are now writing emails to influential people close to foreign governments or large companies, asking them to provide opinions or to write reports or research articles.
Cybersecurity researchers have named the hacking group behind this type of “spear-phishing” email tactic Thallium or Kimsuky. The emails are sent from fake accounts under fake names. The best way to verify the legitimacy of a request is to ask for additional information from the official institution that the attacker claims to be a member of.
What “phishing” questions could be expected in this case?
According to experts, North Korean hackers currently look for insights into the political decisions of Western countries. They are often interested in data regarding policy toward China. There could also be requests to provide “reviewer recommendations” for “research papers”.
The North Korean embassy denies having any connection to cyber espionage.
It should be noted that cyber attackers have lots of patience: they can spend weeks or even months gaining considerable trust with the person they target. This lets them achieve similar goals with the least effort: they do not need to bypass security measures, and security specialists find it hard to spot such emails and prevent the related attacks.
What are the typical signs to watch for?
Researchers note that users should pay attention to the ending (domain) of the sender's email address. Hackers often use addresses with rare endings, such as .live instead of .org. If you are not sure, seek additional insights from your colleagues, because in every other respect these requests are engineered at a high level: they are well-written and contain official logos, making all the correspondence look completely legitimate.
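The domain check described above can be automated for incoming mail. The following is an added example, not code from the report or the researchers: it flags a sender whose domain reuses a trusted institution's name under a different ending. The allowlist, the sample headers and the function names are constructed for illustration, and the allowlist is assumed to hold registrable domains whose first label is the institution's name.

```python
from email.utils import parseaddr

# Constructed allowlist: domains the recipient already corresponds with.
KNOWN_DOMAINS = {"example-institute.org", "example-university.ac.uk"}


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of a From header, or '' if none parses."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].strip().rstrip(".").lower()


def classify_sender(from_header: str, known=frozenset(KNOWN_DOMAINS)) -> str:
    """Classify a sender as 'known', 'lookalike', 'unknown' or 'unparseable'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    # Exact match or a subdomain of a trusted domain.
    for trusted in known:
        if domain == trusted or domain.endswith("." + trusted):
            return "known"
    # Same institution name, different ending (e.g. .live instead of .org).
    labels = set(domain.split("."))
    for trusted in known:
        if trusted.split(".", 1)[0] in labels:
            return "lookalike"
    return "unknown"


# Constructed sample headers, not taken from real correspondence.
SAMPLES = [
    '"Jane Doe" <jane.doe@example-institute.org>',
    '"Jane Doe" <jane.doe@example-institute.live>',
    "editor@example-university.live",
    "someone@unrelated.example",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):<12} {header}")
```

A "known" result only means the domain matches the allowlist; a request that still looks unusual should be confirmed with the institution, as described above.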