North Korean hackers behind ‘sophisticated’ effort to elicit views of experts

North KoreaA NOTORIOUS NORTH KOREAN hacker group is believed to be behind a “sophisticated” effort to elicit the views of international experts on issues that are of concern to Pyongyang, according to an investigation by Reuters. The news agency said its reporters had managed to uncover this previously unreported campaign with the help of cybersecurity experts and five individuals who had been targeted by the North Korean hackers.

The North Korean hacker group that is alleged to be behind this elicitation campaign is known among cybersecurity experts as Thallium, or Kimsuky. It has been active since at least 2012 and has orchestrated intensive “spear-phishing” attacks against international targets. Similarly to other hacker groups that have been active in the past decade, Thallium’s operations have centered on tricking its targets to download malware on their personal electronic devices, or to share sensitive information, including passwords.

Lately, however, the group has changed its tactics in striking ways, according to Reuters. Instead of trying to steal secrets, it has been involved in a campaign aimed at eliciting the views of Western experts on North Korean affairs. It has been doing so by directly contacting these experts with requests to review policy papers, or by commissioning opinion pieces on various aspects of North Korean politics, economy and society. The requests are camouflaged to appear as originating from respected think-tanks, universities or consultancy firms.

Since January of this year, when the first experts began to be contacted, “multiple” individuals have fallen victim to this elicitation campaign, according to experts at the Microsoft Threat Intelligence Center (MSTIC). They include policy experts working for Western governments, think-tank and university researchers, as well as human-rights campaigners. They have all fallen victim to “sophisticated” requests that use polished language and appear legitimate, according to Reuters.

In most cases, the elicitation emails promise a payment of $300.00 in return for reviewing a manuscript, authoring a short opinion piece, or recommending another expert who may be able to provide these services. However, none of the individuals who proceeded to provide these services have ever received any funds. Cybersecurity experts, who reviewed the elicitation campaign, told Reuters that the hackers never intended to provide any payments to targets.

Author: Joseph Fitsanakis | Date: 13 August 2022 | Permalink

%d bloggers like this: