North Korea-backed hackers posed as computer security bloggers to steal information, Google says

Google has said it believes hackers backed by the North Korean government have been posing as computer security bloggers and using fake accounts on social media as part of attempts to steal information from researchers in the field.

North Korea has been linked to a number of major cyberattacks in recent years, such as a 2013 campaign which paralysed the servers of South Korean financial institutions, the hacking of Sony Pictures in 2014, and the WannaCry malware attack of 2017, but has denied involvement.

The tech company did not specify this week how successful the hackers had been or what kind of information could have been compromised.

Experts have said the country is working to improve its cyber skills and its ability to breach widely-used computer products, such as Google’s Chrome internet browser and Microsoft’s Windows 10 operating system.

In an online report published late on Monday, Adam Weidemann, a researcher from Google’s Threat Analysis Group, said that hackers supposedly backed by North Korea created a fake research blog and multiple Twitter profiles to build credibility with security researchers.

After connecting with researchers, the hackers asked them if they wanted to collaborate on cyber-vulnerability research and share a tool that contained a code designed to install malicious software on the targets’ computers.

This then allowed the hackers to take control of the device and steal information from it.

Mr Weidemann said several targeted researchers were compromised after following a Twitter link to a blog set up by the hackers.

“At the time of these visits, the victim systems were running fully patched and up-to-date Windows 10 and Chrome browser versions,” he wrote in the report.

“At this time we’re unable to confirm the mechanism of compromise, but we welcome any information others might have.”

Google also published a list of social media accounts and websites it said were controlled by the hackers, including 10 Twitter profiles and five LinkedIn profiles.

In 2019, the UN Security Council estimated that North Korea had earned as much as $2bn (£1.46bn) over several years through illicit cyber operations targeting cryptocurrency exchanges and…