N. Korea-linked hacking group exploits Naver, Google ads to spread malware: report

A North Korea-linked hacking group has recently conducted a sophisticated malware distribution campaign by abusing online advertising systems operated by Naver and Google, a report showed Monday. According to the online threat assessment report released by Genians Security Center, Konni, the hacking group tied to Kimsuky and other Pyongyang-sponsored hacking groups, has launched an advanced persistent threat (APT) campaign by exploiting the online portals' ad systems. The group exploited a process referred to as click tracking used in online advertising, which routes users through intermediary web links before directing them to advertisers' websites. Through fake intermediary web links, the group was found to have redirected users to external servers hosting malicious files. According to the report, Konni initially focused on abusing Naver's advertising infrastructure but recently expanded its attacks through Google's ad system. Analysts at the center said they identified the phrase "Poseidon-Attack" within the malware code, suggesting the hacking group has systematically managed the campWeiter zum vollständigen Artikel bei Korea Times Weiter zum vollständigen Artikel bei Korea Times