Pyongyang-sponsored hacking group uses KakaoTalk in malware distribution campaign: report | Yonhap News Agency

## Summary
OK SEOUL, March 16 (Yonhap) -- A North Korea-linked hacking group has used stolen KakaoTalk accounts to spread malware in a series of recent cyberattacks, highlighting a new distribution tactic, a report showed Monday. Konni, the hacking group tied to Kimsuky and other Pyongyang-sponsored groups, was found to have recently carried out an advanced persistent threat (APT) campaign using spear-phishing emails and compromised KakaoTalk accounts to infect victims' systems, according to the report published by Genians Security Center, a South Korean cybersecurity institute. Korea-linked hacking group exploits Naver, Google ads to spread malware: report N. Korea holds parliamentary elections prev Pyongyang-sponsored hacking group uses KakaoTalk in malware distribution campaign: report Next Pyongyang-sponsored hacking group uses KakaoTalk in malware distribution campaign: report

## Article Content
Facebook
X
More
Pinterest
Linked in
Tumblr
Reddit
Facebook Messenger
Copy URL
URL is copied.
OK
SEOUL, March 16 (Yonhap) -- A North Korea-linked hacking group has used stolen KakaoTalk accounts to spread malware in a series of recent cyberattacks, highlighting a new distribution tactic, a report showed Monday.
Konni, the hacking group tied to Kimsuky and other Pyongyang-sponsored groups, was found to have recently carried out an advanced persistent threat (APT) campaign using spear-phishing emails and compromised KakaoTalk accounts to infect victims' systems, according to the report published by Genians Security Center, a South Korean cybersecurity institute.
The group sent spear-phishing emails disguised as notices appointing the recipient as a North Korean human rights lecturer, with a malicious online link included to gain remote access to the victim's personal computer. Spear phishing is a type of phishing attack that targets a specific individual, group or organization.
The report noted that KakaoTalk's PC software was used, forcing the victim to serve as an intermediary for further attacks.
After remaining undetected on the system for some time, the actors gain access to the victim's KakaoTalk contact list and redistribute malicious files through the compromised accounts.
"This makes the threat particularly serious, as it goes beyond simple spear-phishing and represents a propagating APT attack that combines trust-based propagation with abuse of account sessions," the report said.
This graphic illustrates a North Korea-backed cyberattack threat. (Yonhap)
brk@yna.co.kr
(END)
Related Articles
N. Korea-linked hacking group exploits Naver, Google ads to spread malware: report
N. Korea-backed hackers launch newly detected cyberattack scheme using computer files: report
N. Korea-backed hackers deploy new malware-led cyberattack: report
Keywords
#N. Korea
#cyberattack
Articles with issue keywords
Most Liked
(News Focus) USFK's relocation of military assets to Middle East raises concerns about Seoul's capability to deter N.K. threats
16th Gwangju Biennale: You must change your life
BTS expands Gwanghwamun concert capacity to 22,000 with added standing zones
BTS to launch 'Arirang' pop-ups to mark new album release
Police vow zero tolerance for terror threats against BTS comeback concert
Most Saved
16th Gwangju Biennale: You must change your life
(2nd LD) N. Korea fires ballistic missiles as S. Korea, U.S. conduct joint drills
(LEAD) N. Korea fires projectile as S. Korea, U.S. conduct joint drills
S. Korea, U.S. hold joint river-crossing drills amid N. Korea's missile firing
(LEAD) Gov't to take steps to implement fuel price cap this week as Mideast crisis intensifies
Most Viewed Photos
Korean won weakens
Ahead of BTS concert
N. Korea holds parliamentary elections
N. Korea holds parliamentary elections
prev
Pyongyang-sponsored hacking group uses KakaoTalk in malware distribution campaign: report
Next
Pyongyang-sponsored hacking group uses KakaoTalk in malware distribution campaign: report

---

## Expert Analysis

### Merits
N/A

### Areas for Consideration
- Konni, the hacking group tied to Kimsuky and other Pyongyang-sponsored groups, was found to have recently carried out an advanced persistent threat (APT) campaign using spear-phishing emails and compromised KakaoTalk accounts to infect victims' systems, according to the report published by Genians Security Center, a South Korean cybersecurity institute.
- After remaining undetected on the system for some time, the actors gain access to the victim's KakaoTalk contact list and redistribute malicious files through the compromised accounts. "This makes the threat particularly serious, as it goes beyond simple spear-phishing and represents a propagating APT attack that combines trust-based propagation with abuse of account sessions," the report said.
- This graphic illustrates a North Korea-backed cyberattack threat. (Yonhap) brk@yna.co.kr (END) Related Articles N.

### Implications
- Korea #cyberattack Articles with issue keywords Most Liked (News Focus) USFK's relocation of military assets to Middle East raises concerns about Seoul's capability to deter N.K. threats 16th Gwangju Biennale: You must change your life BTS expands Gwanghwamun concert capacity to 22,000 with added standing zones BTS to launch 'Arirang' pop-ups to mark new album release Police vow zero tolerance for terror threats against BTS comeback concert Most Saved 16th Gwangju Biennale: You must change your life (2nd LD) N.
- Korea, U.S. conduct joint drills (LEAD) N.
- Korea's missile firing (LEAD) Gov't to take steps to implement fuel price cap this week as Mideast crisis intensifies Most Viewed Photos Korean won weakens Ahead of BTS concert N.

### Expert Commentary
This article covers korea, report, group topics. Areas of concern are also raised. Readability: Flesch-Kincaid grade 0.0. Word count: 444.