North Korean Hacker Recently Employed Social Media to Launch a Cyberattack

A recent investigation found that the cybercrime group is using smishing attacks to target Android smartphone users.

North Korean Hacker Recently Employed Social Media to Launch a Cyberattack
North Korean Hackers Enhanced their Spear Phishing Techniques | Image credits: Teiss

North Korean hacking group Kumsong 121 has lately launched a series of cyberattacks that have taken advantage of social media platforms. North Korea's cyber capabilities are becoming increasingly sophisticated, and users of computers and mobile phones should exercise caution, according to Daily NK.

The new advanced persistent threat (APT)  activity has been discovered by EST Security in a press release from Kumsong 121 that was disclosed on Tuesday by the security firm. Instead of sending an email, the offenders utilized an innovative method in which they became friends with the victim on social media and then sent them an infected file to infect them. Having successfully hacked into a social media account, the attackers went on to find their next targets by contacting the victims' social media acquaintances. After taking advantage of the target's lack of knowledge, the hackers made friends with them by sending them text messages that were full of warmth and topics of similar interest, such as gossip, to make them feel welcome.

North Korean hackers improved their spear-phishing techniques

Aside from that, they used email to infect the victim with malware, in order to get feedback on a column they claimed to have written about North Korean political affairs. A macro virus has been attached to this email, and if the recipient accepts to download the file, the virus will infect the target's computer, causing it to crash and freeze. Using the social media feature of spear-phishing to target specific individuals, the attackers exploited the technique as a natural extension of standard spear phishing techniques.

As a matter of fact, a North Korean hacker group recently attempted to distribute an infected file by hijacking the social media account of a North Korean defector and conversing with its acquaintances.

Furthermore, Kumsong 121 is a mobile application that is optimized for Android devices. Kumsong 121, according to EST Security, was engaged in smishing attacks, which is an abbreviation for SMS phishing attacks that target Android smartphone users. Installing malicious Android applications can allow hackers to access the victims' contact information, such as phone numbers and call logs. They can also view their addresses and address books. They can also view texts and photographs stored on their phones.

According to Mun Chong Hyun, the chairman of the ESTsecurity Security Response Center (ESRC), Kumsong 121 obtained personal information from a number of important South Koreans, including a particular lawmaker (ESRC). He explained that hackers continue to target North Korea's space sector workers by using websites established by North Korea-focused groups or bogus Facebook accounts.