▲ This graphic image illustrates a North Korea-backed cyberattack threat. (Yonhap)

NK hackers-cyberattack

N. Korea-linked hacking group exploits Naver, Google ads to spread malware: report

SEOUL, Jan. 19 (Yonhap) -- A North Korea-linked hacking group has recently conducted a sophisticated malware distribution campaign by abusing online advertising systems operated by Naver and Google, a report showed Monday.

According to the online threat assessment report released by Genians Security Center, Konni, the hacking group tied to Kimsuky and other Pyongyang-sponsored hacking groups, has launched an advanced persistent threat (APT) campaign by exploiting the online portals' ad systems.

The group exploited a process referred to as click tracking used in online advertising, which routes users through intermediary web links before directing them to advertisers' websites.

Through fake intermediary web links, the group was found to have redirected users to external servers hosting malicious files.

According to the report, Konni initially focused on abusing Naver's advertising infrastructure but recently expanded its attacks through Google's ad system.

Analysts at the center said they identified the phrase "Poseidon-Attack" within the malware code, suggesting the hacking group has systematically managed the campaign under the Poseidon labeling.

Security experts warned that the campaign highlights the growing sophistication of state-backed North Korean cyberattacks and cautioned users to not open suspicious ad-linked email attachments, particularly those containing shortcut link files.

(END)

[ⓒ K-VIBE. 무단전재-재배포 금지]