North Korea: To target influential people in foreign governments and understand where Western policy on North Korea is headed, Thallium, a prominent hacking organisation affiliated with Pyongyang, and multiple North Korean hackers are using spear-phishing emails that ask researchers and experts to offer opinions and write reports.
Hackers from North Korea are resorting to a new tactic. Instead of infecting a computer and stealing sensitive data, they elicit thoughts and opinions on North Korean security issues.
These tactics are much quicker than hacking into someone’s account and wading through their emails. They also bypass traditional technical security programmes that would scan and flag a message with malicious elements, and they give the spies direct access to the experts’ thinking.
DePetris, a fellow with Defense Priorities and a columnist for several newspapers, said that the emails he received were written as if a researcher were asking for a paper submission or comments on a draft.
An email he shared with Reuters offered 300 USD for reviewing a manuscript about the North Korean nuclear programme and asked for recommendations for other possible reviewers. As expected, the hackers had no intention of paying the expert for his views on North Korea.
An example of this strategy surfaced when an email from a reporter working with Kyodo News asked the recipient how the war in Ukraine factored into North Korean thinking and posed questions about Russian, Chinese and American policies.
According to a 2020 report by US cyber security agencies, Thallium is tasked by the North Korean regime with a “global intelligence-gathering mission.” According to a Microsoft report, Thallium has been active since 2012 and has targeted government employees, think tanks, academics, and human rights organisations.
Saher Naumaan, a principal intelligence security analyst at BAE Systems, stated that Thallium and other hackers spent weeks or months developing trust with a target before sending malicious software in further attacks. But according to Microsoft, they have in some cases engaged with experts without ever sending malicious files, even after the victims responded.
Pyongyang has also stolen data from pharmaceutical and defence companies, foreign governments, and others. Recently, it has targeted Sony Pictures over a film seen as an insult to its leader.
North Korea is isolated from the rest of the world and is under the deepest sanctions. According to Western intelligence agencies, it has become reliant on impersonation and cyber campaigns. Impersonation is a common tactic used by spies all around the world.