Google: Hackers backed by North Korea tried to steal cyber research

Google’s threat analysis team earlier this week said that it had identified a hacking effort suspected to be centered in North Korea that targeted U.S.-based cybersecurity experts.

A post on the company’s blog claimed that researchers had identified a sophisticated and coordinated effort in which North Korean operatives allegedly make contact with U.S.-based cybersecurity workers through social media channels and other methods in the hopes of guiding the workers to sites or other opportunities for hackers to gain access to their systems.

Adam Weidemann, an official with Google’s threat research team, wrote in the blog post that the targets were largely “security researchers working on vulnerability research and development at different companies and organizations,” while blaming the attacks on “a government-backed entity based in North Korea.”

“In order to build credibility and connect with security researchers, the actors established a research blog and multiple Twitter profiles to interact with potential targets. They’ve used these Twitter profiles for posting links to their blog, posting videos of their claimed exploits and for amplifying and retweeting posts from other accounts that they control,” wrote Weideman.

A number of LinkedIn and Twitter profiles that Google researchers said were linked to the effort were suspended as of Wednesday morning. Representatives for LinkedIn and Google did not immediately return requests for comment. A Twitter spokesperson confirmed to The Hill in an email that dozens of accounts had been suspended in response to Google’s investigation.

“We’ve suspended 56 connected accounts for violations of our rules prohibiting platform manipulation, specifically operating fake accounts and publishing or linking to malicious content intended to damage or disrupt another personal device. We welcome the assistance of Google and Microsoft on this issue and we would like to express our gratitude to them,” said the spokesperson.

“In general, when we can reliably attribute activity to a state-backed actor, we disclose the associated accounts and Tweet content in full to our public archive. However, at this time, our investigation is ongoing and we will remain vigilant,” they continued.

News that North Korean hackers are allegedly targeting U.S. researchers in the cybersecurity field comes just under a year after a number of federal agencies issued a joint warning that a North Korean-based hacking group was targeting financial institutions.

“North Korea’s widespread international bank robbery scheme that exploits critical banking systems may erode confidence in those systems and presents risks to financial institutions across the world,” the agencies said in a joint statement last August.

UPDATED