How a North Korean cyber group impersonated an analyst in Washington, D.C.


  • Jenny Town is the director of Stimson’s 38 North Program and a recognized authority on North Korea.
  • Town described the incident at Mandiant’s mWISE conference on Monday. It happened about six years ago, when North Koreans broke into her computer and stole some personal data.
  • Then they used that information to create an impostor who attempted to elicit additional information from Town’s coworkers by using their names.

A reputable researcher was working late into the night six years ago when she left her computer to brush her teeth. Her computer had been compromised by the time she returned.

Jenny Town is the director of Stimson’s 38 North Program and a recognized authority on North Korea. According to Town’s remarks from Monday, her work is based on open-source intelligence. She depicts North Korean dynamics using information that is readily accessible to the general public.

“I don’t have any authorization. I don’t have access to any classified information,” Town stated at the conference.

However, the hackers, a division of North Korea’s intelligence services known by the codename APT43, or Kimsuky, weren’t just after sensitive data.

The hackers gained access to her computer using the well-known remote desktop program TeamViewer, then used scripts to search through her computer. Then her webcam light came on, apparently so the hackers could check whether she was back at her computer. “Then it went off really quickly, and then they closed everything down,” Town told attendees at the Google-hosted mWISE conference of Mandiant, a privately held cybersecurity firm.

Town and Mandiant currently believe the North Koreans were successful in obtaining information about Town’s associates, her area of study, and her contact list. They made a digital copy of Town using that information, turning it into a North Korean sock puppet they could use to gather intelligence from a great distance away.

In D.C., every embassy serves an intelligence function, according to Town. To determine what policies might be in the works or how policymakers felt about a specific nation or event, those connected to the embassy will try to get a feel for the city.

On the other hand, North Korea and the U.S. have never had diplomatic ties. Its intelligence agents are unable to follow people at events or make connections with think tanks.

The nation could fill that gap by gathering intelligence by breaking into official systems, a difficult task even for highly skilled actors. However, APT43 uses well-known individuals as a means of gathering intelligence.

Within weeks, the fictitious Town started corresponding with renowned researchers and analysts under the guise of being her.

A lot of social engineering is involved. It involves a lot of pretending to be me, my staff, or reporters while sending fake emails, according to Town.

“They’re literally just trying to get information or trying to build a relationship in the process where eventually they may impose malware, but it’s usually just a conversation-building device,” Town said.

The group responsible for Town’s clone has been linked to cryptocurrency-related influence peddling schemes and has also targeted other academics and researchers.

Though its effectiveness has decreased due to increased awareness, the tactic still works. Older, less tech-savvy academics who don’t carefully check domains or emails for typos are the most vulnerable victims.

The fact that the targets frequently reject the real people’s attempts to warn them that they have been speaking with a North Korean doppelganger adds to the complexity.

Town said, “I have a colleague who I informed he was not speaking to a real person.”

She said her colleague didn’t believe her, so he asked the doppelganger whether he was a North Korean spy. Therefore, it was only natural that the fake person would say, “Yes, of course, it’s me,” Town said at the conference.

In the end, her colleague paid attention to her advice and made contact with the person he believed he was corresponding with in a different way. In the interim, the North Korean impersonator had made the decision to cut off communication and, in an odd turn of events, apologized for any confusion and blamed it on “Nk hackers.”

“I love it,” chuckled Michael Barnhart, a Mandiant North Korea analyst. “They’re apologizing from North Korea for acting like someone else.”

