Dec 6, 2018 - World

"Stolen Pencil" data espionage campaign targets professors

Hackers are targeting academics, particularly those with biomedical engineering backgrounds, in an espionage-like campaign to steal data. Arbor Networks' ASERT team, which discovered the group, has dubbed the actors "Stolen Pencil."

Why it matters: Universities are gold mines of intellectual property. But ASERT notes that there is no evidence of data theft, leaving the purpose of the attacks a little unclear.

Details: Victims were sent links to a malicious browser extension that would open a secret connection to the victims' systems. The hackers then uploaded a bevy of tools to harvest passwords from those machines.

There is some evidence that the attack may have come from North Korea, although not enough to say with any certainty.

  • During one session, a hacker changed the keyboard layout to Korean.
  • Some of the web addresses that can be linked to the hackers specifically mention North Korea.
  • The toolkit included software specifically designed to steal Ethereum cryptocurrency, which is in line with the Kim Jong-un regime's use of online cryptocurrency theft and other financially motivated attacks to compensate for sanctions.
