
Twitter suspends accounts linked to North Korea hacking group

A North Korean flag is seen at the North Korean Embassy compound on Feb. 22, 2017, in Kuala Lumpur, Malaysia. (Photo by Rahman Roslan/Getty Images)

A member of Google’s Threat Analysis Group confirmed that two Twitter accounts recently shut down were part of a North Korea-backed campaign targeting security researchers.

Google reported on its blog in January that it discovered a months-long spearphishing campaign that targeted researchers focusing on discovering new software vulnerabilities. The North Korean threat actors posed as members of the research community and created various social media accounts where they interacted with legitimate researchers. The hackers even offered to collaborate on newly discovered exploits and sent researchers software code or site links with malware that compromised fully patched and updated computers.

Posting to Twitter on Oct. 15, threat analyst Adam Weidemann said the two accounts that were shut down were directly related to the spearphishing campaign reported earlier, and “leaned on the hype of 0 days to gain followers and build credibility.”

North Korean hacking groups stand out from their counterparts in Russia, China and Iran in the creativity of their hacking campaign tactics and the way they avoid using popular commercial offensive tools.

“They’re in some ways my favorite actor in cyberspace, because they’re just so incredibly innovative,” Dmitri Alperovitch, executive chairman at the Silverado Policy Accelerator, told SC Media in May.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.
