Back on Oct. 22, the FBI, the intelligence community, and other government agencies called a press conference to discuss what was described as “an urgent matter of national security.” The announcement, per Fox News, was that both Russia and Iran were taking steps to interfere with the 2020 election, with both those nations having obtained voter registration data.
“This data can be used by foreign actors to attempt to communicate false information to registered voters that they hope will cause confusion, sow chaos, and undermine your confidence in American democracy,” Director of National Intelligence John Ratcliffe said in the press conference.
“To that end, we have already seen Iran sending spoofed emails designed to intimidate voters, incite social unrest, and damage President Trump. You may have seen some reporting on this in the last twenty-four hours or you may have even been one of the recipients of those emails.”
The joint statement from the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Cyber Command Cyber National Mission Force (CNMF) is described as an “Advanced Persistent Threat Focus” about Kimsuky, a North Korean hacking group. The government refers to their “malicious cyber activity” as “HIDDEN COBRA.”
According to the report, Kimsuky is believed to have been “tasked by the North Korean regime with a global intelligence gathering mission,” using such tactics as spearphishing, and has acted against targets in the United States, South Korea and Japan. Specific targets have included think tanks, South Korean government entities and “individuals identified as experts in various fields.”
Kimsuky has also posed as reporters in the past, especially when trying to infiltrate South Korea.
“The APT group has used web hosting credentials—stolen from victims outside of their usual targets—to host their malicious scripts and tools,” the report says. “Kimsuky likely obtained the credentials from the victims via spearphishing and credential harvesting scripts. On the victim domains, they have created subdomains mimicking legitimate sites and services they are spoofing, such as Google or Yahoo mail.”
ZDNet, citing an Army document, reported earlier this fall that North Korea has at least six thousand hackers operating, with some of them located in other countries such as Belarus, China and India. In addition, North Korean hackers have stolen millions of dollars in cryptocurrency in multiple heists, with the U.S. filing suit to reclaim the associated accounts. The potential for cryptocurrency theft is mentioned in the report this week.
Stephen Silver, a technology writer for the National Interest, is a journalist, essayist and film critic, who is also a contributor to Philly Voice, Philadelphia Weekly, the Jewish Telegraphic Agency, Living Life Fearless, Backstage magazine, Broad Street Review and Splice Today. The co-founder of the Philadelphia Film Critics Circle, Stephen lives in suburban Philadelphia with his wife and two sons.