Google discloses North Korean cyberespionage closely linked to missile tests

By Kuksung Nam, The Readable
Apr. 4, 2023 7:52PM GMT+9

The hacking group Kimsuky, which works for the North Korean government, is expected to increase its cyberespionage campaigns as the country continues its ballistic missile program, a cyber threat expert said on Tuesday.

“As we see more and more missile tests from North Korea, we will see more and more activities from the advanced persistent threat (APT) 43,” said Luke McNamara, a principal analyst at Google and previously at Mandiant before its acquisition by Google, in a media briefing held in Seoul. APT43 is a name given to the North Korean state-sponsored hacking group by the threat intelligence company that has been tracking the hacking group’s activities since 2018.

In the words of the expert, the hacking group has been conducting cyberespionage campaigns against policymakers and researchers to gather information on nuclear policy, sending compromised emails several hours after ballistic missile launches. These activities have been crucial to the North Korean government, as it has scarce resources regarding foreign intelligence agents.

McNamara said that they have discovered two different types of spear-phishing attacks from North Korean hackers. A traditional spear-phishing attack is a practice where hackers send malicious emails to coax their targets into giving up their personal information or other sensitive information. In the other type, the expert explained, the North Korean state-sponsored hackers simply asked someone who was working on policy matters for strategic analysis on nuclear policy, without embedding any malicious code in the emails.

“This is a fairly unique tactic,” said the expert. “We don’t really see this activity from Russian, Chinese, or Iranian threat actors. They are usually using malware or credential collection.” McNamara explained that one of the reasons the North Korean hackers are using this sort of attack method is that it could help avoid detection, since a recipient is more likely to be suspicious of an email that has uncertain files attached than of an email with a questionnaire.

nam@thereadable.co

The cover image of this article was designed by Areum Hwang.


Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and privacy by engaging with industry giants, foreign government officials and experts. Before joining The Readable, Kuksung reported on politics for one of South Korea’s top-five local newspapers, The Kyeongin Ilbo. Her journalistic skills and reportage earned her the coveted Journalists Association of Korea award in 2021 for her essay detailing exclusive stories about the misconduct of a former government official. She holds a Bachelor’s degree in French from Hankuk University of Foreign Studies, a testament to her linguistic capabilities.