Tuesday, December 13, 2022

North Korea Tricking Think Tankers Into Writing Research for Them

Here is more from Josh Smith of Reuters:

When Daniel DePetris, a U.S.-based foreign affairs analyst, received an email in October from the director of the 38 North think-tank commissioning an article, it seemed to be business as usual.

It wasn't.

The sender was actually a suspected North Korean spy seeking information, according to those involved and three cybersecurity researchers.

Instead of infecting his computer and stealing sensitive data, as hackers typically do, the sender appeared to be trying to elicit his thoughts on North Korean security issues by pretending to be 38 North director Jenny Town.

"I realized it wasn't legit once I contacted the person with follow up questions and found out there was, in fact, no request that was made, and that this person was also a target," DePetris told Reuters, referring to Town. "So I figured out pretty quickly this was a widespread campaign."

The email is part of a new and previously unreported campaign by a suspected North Korean hacking group, according to the cybersecurity experts, five targeted individuals and emails reviewed by Reuters.


The hackers reportedly offered Mr. DePetris $300 for reviewing a manuscript about North Korea's nuclear program.

The article notes that the hacking group, which has been dubbed Thallium or Kimsuky, among other names, has typically used spear-phishing emails that trick targets into giving up passwords or clicking links or attachments that load malware. Now, however, the group is simply asking researchers to offer opinions or write reports.