Thursday, September 21, 2023

How a North Korean Cyber Group Impersonated a DC Think Tanker

Here is more from CNBC: 

Six years ago, a well-respected researcher was working late into the night when she stepped away from her computer to brush her teeth. By the time she came back, her computer had been hacked.

Jenny Town is a leading expert on North Korea at the Stimson Center and the director of Stimson’s 38 North Program. Her work is built on open-source intelligence, Town said on Monday. She uses publicly available data points to paint a picture of North Korean dynamics.

“I don’t have any clearance. I don’t have any access to classified information,” Town said at the conference.

But the hackers, a unit of North Korea’s intelligence services codenamed APT43, or KimSuky, were not only after classified information.

The hackers used a popular remote-desktop tool, TeamViewer, to access her machine and ran scripts to comb through her computer. Then her webcam light turned on, presumably to check if she had returned to her computer. “Then it went off real quickly, and then they closed everything down,” Town told attendees at the mWISE conference, run by Google-owned cybersecurity company Mandiant.

Town and Mandiant now presume the North Koreans had been able to exfiltrate information about Town’s colleagues, her field of study, and her contact list. They used that information to create a digital doppelganger of Town: A North Korean sock puppet that they could use to gather intelligence from thousands of miles away.

 

Here is more about Jenny Town's story from a previous report.