July 14, 2024


WASHINGTON, D.C. — Six years ago, a well-respected researcher was working late into the night when she stepped away from her computer to brush her teeth. By the time she came back, her computer had been hacked.

Jenny Town is a leading expert on North Korea at the Stimson Institute and the director of Stimson’s 38 North Program. Her work is built on open-source intelligence, Town said on Monday. She uses publicly available data points to paint a picture of North Korean dynamics.

“I don’t have any clearance. I don’t have any access to classified information,” Town said at the conference.

But the hackers, a unit of North Korea’s intelligence services codenamed APT43, or KimSuky, were not only after classified information.

The hackers used TeamViewer, a popular remote-desktop tool, to access her machine and ran scripts to comb through her computer. Then her webcam light turned on, presumably to check if she had returned to her computer. “Then it went off real quickly, and then they closed everything down,” Town told attendees at the mWISE conference, run by Google-owned cybersecurity company Mandiant.

Town and Mandiant now presume the North Koreans had been able to exfiltrate information about Town’s colleagues, her field of study, and her contact list. They used that information to create a digital doppelganger of Town: a North Korean sock puppet that they could use to gather intelligence from thousands of miles away.

In D.C., every embassy has an intelligence purpose, Town explained. People attached to the embassy will try to take the pulse of the city to gauge what policy might be in the pipeline or how policymakers feel about a particular country or event.

But North Korea has never had diplomatic relations with the U.S. Its intelligence officers can’t stalk public events or network with think tanks.

The country could fill that void by obtaining intelligence through hacking into government systems, a challenging task even for sophisticated actors. But APT43 targets high-profile personalities and uses them to collect intelligence.

Within weeks, the fake Town began to reach out to prominent researchers and analysts pretending to be her.

“It’s a lot of social engineering. It’s a lot of sending fake emails, pretending to be me, pretending to be my staff, pretending to be reporters,” Town said.

“They’re literally just trying to get information or trying to establish a relationship in the process where eventually they may impose malware, but it’s usually just a conversation-building device,” Town said.

The group behind Town’s clone has been tied to cryptocurrency laundering operations and influence campaigns, and has targeted other academics and researchers.

The tactic still works, although widening awareness has made it less effective than before. The most susceptible victims are older, less tech-savvy academics who don’t scrutinize domains or emails for typos.

Adding to the complexity, when the real people reach out to potential victims to try to warn them they’ve been talking with a North Korean doppelganger, the targets often refuse to believe them.

“I have a colleague who I had informed that he was not talking to a real person,” Town said.

But her colleague didn’t believe her, Town said, and decided to ask the doppelganger if he was a North Korean spy. “So of course, the fake person was like, ‘Yes, of course, it’s me,’” Town said at the conference.

Ultimately, her colleague heeded her warnings and used another way to contact the person he thought he was corresponding with. The North Korean doppelganger, in the meantime, had decided to break off contact and, in a bizarre turn of events, apologized for any confusion and blamed it on “Nk hackers.”

“I love it,” joked Mandiant North Korea analyst Michael Barnhart. “North Korea apologizing for them pretending to be somebody.”

