Dec 6, 2018 - World

"Stolen Pencil" data espionage campaign targets professors

Joe Uchill

Broken pencil. — Photo: Maciej Toporowicz/NYC

Hackers are targeting academics, particularly those with biomedical engineering backgrounds, in an espionage-like campaign to steal data. Arbor Networks ASERT team, who discovered the group, have dubbed the actors "Stolen Pencil."

Why it matters: Universities are gold mines of intellectual property. But ASERT notes that there is no evidence of data theft, leaving the purpose of the attacks a little unclear.

Details: Victims were sent links to a malicious browser extension that would open a secret connection to the victims' system. The hackers then uploaded a bevy of tools to harvest passwords from those machines.

There is some evidence that the attack may have come from North Korea, although not enough to say with any certainty.

During one session, a hacker changed the keyboard layout to Korean.
Some of the web addresses that can be linked to the hackers specifically mention North Korea.
The toolkit included software specifically designed to steal Ethereum cryptocurrency, which is in line with the Kim Jong-un regime's use of online cryptocurrency theft and other financially motivated attacks to compensate for sanctions.

Go deeper: Academic thieves love the University of Washington

Add Axios on Google

"Stolen Pencil" data espionage campaign targets professors

What to read next