SEOUL, January 19 (AJP) - A hacking group believed to be linked to North Korea has spread malware through ads on Google and Naver.
According to an analysis by South Korean cybersecurity firm Genians on Monday, Konni, suspected to be part of APT37, a North Korean state-sponsored cyber espionage group, used online advertising networks to launch cyberattacks by covertly routing users through malicious intermediary web links before landing them on advertisers' websites.
Under a cyber operation dubbed the "Poseidon Operation," North Korean hackers copy URLs and then guide users step by step to an external server hosting malicious files. Even when artificial intelligence (AI)-based tools or security systems detect the links, they can be difficult to block because they appear to originate from legitimate Naver or Google domains.
These attacks begin with spoofed emails, often posing as financial institutions or other trusted entities, to lure recipients into opening the message. Once users click the link, malicious software is installed that enables remote control of their devices.
Genians warned that the latest findings reveal the increasing sophistication of North Korean cyberattacks, urging users to avoid clicking on suspicious links in e-mails or online ads.
According to an analysis by South Korean cybersecurity firm Genians on Monday, Konni, suspected to be part of APT37, a North Korean state-sponsored cyber espionage group, used online advertising networks to launch cyberattacks by covertly routing users through malicious intermediary web links before landing them on advertisers' websites.
Under a cyber operation dubbed the "Poseidon Operation," North Korean hackers copy URLs and then guide users step by step to an external server hosting malicious files. Even when artificial intelligence (AI)-based tools or security systems detect the links, they can be difficult to block because they appear to originate from legitimate Naver or Google domains.
These attacks begin with spoofed emails, often posing as financial institutions or other trusted entities, to lure recipients into opening the message. Once users click the link, malicious software is installed that enables remote control of their devices.
Genians warned that the latest findings reveal the increasing sophistication of North Korean cyberattacks, urging users to avoid clicking on suspicious links in e-mails or online ads.
Copyright ⓒ Aju Press All rights reserved.