
Simple phishing emails were behind the biggest North Korean hacks

You may remember four years ago, there was a malware attack on Sony Pictures. That attack led to leaks of unreleased films, publications of executive salaries and passcodes. 

What about the 2016 Bangladesh Bank $80 million hacking heist, the biggest cybertheft operation on a financial institution in history so far?

And last year, there was the massive attack of ransomware called “WannaCry.” The WannaCry campaign has claimed 200,000 victims across 150 countries worldwide, targeting private companies and public organizations and has actually endangered lives.

All of these attacks are commonly attributed to a certain state-sponsored hacking group from North Korea. The U.S. has been tracking this particular group of hackers since 2009. They have been identified with various names like “Hidden Cobra,” “Guardians of the Peace” and the “Lazarus Group.”

Now, you might think that this notorious group’s most successful campaigns utilized the most elaborate and sophisticated schemes, right?

Think again. It looks like all of their cyberattacks still start off as simple phishing emails.

Hook, line and sinker

A criminal complaint recently published by the U.S. Department of Justice against a North Korean programmer named Park Jin Hyok revealed the insider tactics of one of the most prolific hacking groups in the world. 

Park, a suspected accomplice of the “Lazarus Group” hackers, is charged with one count of conspiracy to commit computer fraud and abuse and one count of conspiracy to commit wire fraud.

According to the document, some of the biggest cyberattacks in the world still relied on the simplest trick in the hackers’ playbook — phishing emails, and spear-phishing emails in particular.

What is spear phishing?

Spear phishing is a targeted email scam aimed at a specific individual or organization. By sending carefully crafted emails that include identifiable personal data, the attackers make the messages appear to come from legitimate and trusted sources.

If the victim falls for the trap and opens a malicious attachment or link, spying malware and data theft software could then be installed on a machine or a network, leading to more attacks.

The attack pattern

According to the FBI, the members of the group cased their targets significantly before launching the attacks, including extensive research on the company and its individual employees.

With this information on hand, they then prepare the spear-phishing messages to be distributed via email or social media to the selected targets.

With these campaigns, the hackers hope that the targeted employees will open and execute the booby-trapped phishing emails while using their company computer systems, which can result in a breach of a target company’s entire network security.

Some of these phishing emails were disguised as messages from Facebook or Google. In other cases, the hacking group created fake email accounts purporting to belong to recruiters or executives of other big companies and then sent bogus recruitment emails to the targets. Other emails simply posed as lucrative job opportunities.
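The two traits described above (a display name that claims to be Facebook, Google or a recruiter while the real sending domain says otherwise, and a booby-trapped attachment posing as a video) are cheap to check at the mail gateway. The following triage script is an added example, not code from the article or from any investigation it cites; the brand-to-domain mapping, the risky-extension list and the sample messages are all constructed assumptions for illustration.

```python
"""Flag spear-phishing indicators in raw email text.

Heuristics (all assumptions for this example, not an authoritative allowlist):
  * display name mentions a trusted brand but the sender domain is not that brand's
  * Reply-To domain differs from the From domain (common in fake recruiter mail)
  * attachment names that are executables or hide one behind a "video" extension
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Brands the article says were impersonated, mapped to domains they actually send from.
# Assumed values for this example; a real deployment would maintain its own list.
TRUSTED_BRANDS = {
    "facebook": {"facebook.com", "facebookmail.com"},
    "google": {"google.com"},
}

# Bare executables and "video.flv.exe"-style double extensions (the fake Flash video lure).
RISKY_EXT = re.compile(r"\.(exe|scr|js|vbs|jar|hta|cmd|bat|pif)$", re.IGNORECASE)
DOUBLE_EXT = re.compile(r"\.(flv|mp4|mov|avi|pdf|doc)\.[a-z0-9]{2,4}$", re.IGNORECASE)


def sender_domain(addr: str) -> str:
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def domain_belongs_to(domain: str, allowed: set) -> bool:
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def flag_message(raw: str) -> list:
    """Parse one RFC 822 message and return a list of human-readable findings."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = sender_domain(addr)
    findings = []

    lowered_name = name.lower()
    for brand, domains in TRUSTED_BRANDS.items():
        if brand in lowered_name and not domain_belongs_to(from_domain, domains):
            findings.append(
                f"display name claims {brand} but sender domain is {from_domain or '<none>'}"
            )

    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and sender_domain(reply) != from_domain:
        findings.append(
            f"reply-to domain {sender_domain(reply)} differs from sender domain {from_domain}"
        )

    for part in msg.walk():
        fname = part.get_filename()
        if fname and (RISKY_EXT.search(fname) or DOUBLE_EXT.search(fname)):
            findings.append(f"risky attachment name: {fname}")

    return findings


# Constructed sample lure: brand impersonation, mismatched Reply-To, fake "video" attachment.
SAMPLE_LURE = """From: "Facebook Security" <notice@fb-account-verify.example>
To: employee@corp.example
Subject: Unusual login on your account
Reply-To: recruiter@talent-mail.example
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached video of the login.
--b1
Content-Type: application/octet-stream; name="login-video.flv.exe"
Content-Disposition: attachment; filename="login-video.flv.exe"

ZmFrZQ==
--b1--
"""

# Constructed sample of a message whose display name and domain agree.
SAMPLE_LEGIT = """From: "Google" <no-reply@accounts.google.com>
To: employee@corp.example
Subject: Security alert
Content-Type: text/plain

A new sign-in was detected on your account.
"""

if __name__ == "__main__":
    for label, sample in (("lure", SAMPLE_LURE), ("legit", SAMPLE_LEGIT)):
        print(label, flag_message(sample) or "no findings")
```

The script deliberately stays header-level: it never fetches links or opens attachments, so it can run safely on quarantined mail. Display-name matching is a coarse first pass, and in practice it sits behind SPF/DKIM/DMARC checks rather than replacing them.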

Sony Pictures and beyond

For example, the Sony Pictures cyberattack investigation revealed that months before the actual attack took place, a number of social media accounts were sending or posting links that would direct the company’s employees to malware.

Targeted Sony Pictures employees were also sent phishing emails that contained fake Flash videos that installed malware. It is believed that this method was how the group infiltrated Sony Pictures’ network in September 2014.

The FBI noted that these same simple phishing email tactics were also successfully utilized in the Bangladesh Bank and WannaCry ransomware attacks.

Furthermore, the hacking group also attempted to infiltrate U.S. defense contractors, universities, utility companies and cryptocurrency exchanges with similar spear-phishing email campaigns.


How do you protect yourself?

With the ever-growing threat of state-sponsored cyberattacks, you need to take precautionary steps. Here are mitigation tips that will help:

  • Keep your software and operating systems updated with the latest fixes and patches.
  • Never open risky links in emails – and don’t open attachments from unsolicited emails, since they could be a phishing scam. Malware can infect your gadget through malicious links found in phishing emails.
  • Have strong security software – this will help prevent the installation of ransomware on your gadget.
  • Back up data regularly – this is the best way to recover your critical data if your computer is infected with ransomware.

For these types of malware, your best bet for protection is to have backups of your files. We recommend our sponsor, IDrive, for fast and reliable cloud backups. Back up all your gadgets and save 50% on all your backup needs and get 2TB of storage for less than $35!
