"Hackers Posed as Reporters in Attacks on North Korea Experts, Google Says"

According to a new report by researchers from Google's Threat Analysis Group (TAG), government-sponsored hackers with ties to the North Korean military posed as journalists and targeted individuals with expertise in North Korea policy issues. TAG's report is a follow-up to one published by the cybersecurity firm Mandiant that highlighted the work of APT43, a group of alleged North Korean government hackers who have spent years conducting espionage campaigns against South Korea and US government and business organizations. Since 2012, TAG researchers have used the name "ARCHIPELAGO" to track a subset of APT43 activity. Their team has observed the group targeting experts in North Korea policy issues such as sanctions, human rights, and non-proliferation issues. These targets include Google and non-Google accounts belonging to government and military personnel, think tanks, policymakers, academics, and researchers in South Korea, the US, and other countries, according to the researchers. They noted that the attackers use various techniques, from phishing emails to malicious Chrome extensions. ARCHIPELAGO often sends phishing emails in which they pose as a media outlet or think tank representative and ask North Korea experts to participate in a media interview or Request For Information (RFI). This article continues to discuss hackers masquerading as journalists in attacks against people with expertise in North Korea policy issues.

The Record reports "Hackers Posed as Reporters in Attacks on North Korea Experts, Google Says"