
North Korea-linked hackers have expanded their campaign to spy on experts researching nuclear deterrence, North Korea’s nuclear submarine program and North Korean economic sanctions, according to research from Prevailion.
The big picture: Countries often use espionage to prepare for upcoming actions like new sanctions, to improve their bargaining position by better understanding their adversary's goals, or to see what other people know. This could be an example of any of those.
The North Korea-linked "Kimsuky" group has been previously tied to campaigns targeting South Korean entities and the academic sector. In this campaign, Kimsuky has sent phishing emails with Microsoft Word documents that can implant malware. To a reader, the documents would appear to be:
- A U.S. Treasury document granting a sanctions license to the Carnegie Corporation
- A university affiliate's report on new North Korean ballistic missile submarines
- Speaker notes from a recent nuclear deterrence conference
While researchers have already publicly discussed the last document being used to hack systems, the first 2 documents potentially show an escalation in the scope of the campaign.
- The malware Kimsuky uses has been recently upgraded. The malware has added abilities to detect new antivirus programs, and now hides some of its code in an obscure image file format that antivirus programs might not check.