North Korean hackers steal ex-intelligence official’s emails in malware attack

News

North Korean hackers steal ex-intelligence official’s emails in malware attack

DPRK-linked ScarCruft group sends novel malware to journalist after gaining access to former director’s emails

Nils Weisensee April 1, 2022

North Korean hackers steal ex-intelligence official’s emails in malware attack

Cybersecurity firm Stairwell's analysis of the novel malware GOLDBACKDOOR that was sent to an NK News journalist | Image: NK News

Hackers linked to North Korea appear to have broken into the private computer of a former South Korean intelligence official as part of an effort to target journalists with a previously unknown type of malware, an NK News investigation with cybersecurity firm Stairwell revealed.

After gaining access to the email account of a former director at South Korea’s National Intelligence Service (NIS), the attackers copied the content of past conversations with the official to send spoofed emails from a similar-looking address — [email protected] — to NK News founder Chad O’Carroll. The tactic allowed the hackers to avoid using the intelligence official’s real email account to send emails and risk detection, while making the malicious lures more believable.

About the Author

Nils Weisensee

Nils Weisensee is Director of News Operations at Korea Risk Group and covers cybersecurity for NK Pro. He previously founded information security firm Frontier Intelligence, served as head of operations at non-profit Choson Exchange, and was a reporter for DAPD and the Associated Press.

View more articles by Nils Weisensee EMAIL Twitter Linkedin Got a news tip?Let us know!