Connect with us

Hi, what are you looking for?

Tech & Science

Google TAG flags North Korean hackers targeting cyber-researchers (Includes interview)

Suspects in Ukraine and Russia were charged in a scheme to hack a US government website to gain early access to sensitive corporate information to beat the market - AFP
Suspects in Ukraine and Russia were charged in a scheme to hack a US government website to gain early access to sensitive corporate information to beat the market - AFP

To show the extent of the problem, North Korea stole over $316 million in virtual assets through illicit cyberattacks over the past two years to support its military program, according to a UN Security Council report. Much of the activity was directed towards the U.S. and this continues a pattern of cyberwarfare stemming from the country. The UN report is supported by a Google TAG report.

Looking at the issue for Digital Journal is Casey Ellis, CTO and Founder of Bugcrowd. Ellis says that this string of incidents is an unfortunate validation of the corporate, economic, and national-security value of the work of security researchers.

Ellis says that :”As the security researcher community continues its decades-old effort to secure the Internet and it’s users, this string of incidents is an unfortunate validation of the corporate, economic, and national-security value of the work of security researchers. It’s great to see the Google Threat Analysis Group (TAG) stepping up to look out for and defend the researchers themselves.”

Another aspect is avoding tainting ethical hackers with the work of the infiltrators. Here Ellis explains: “As cybersecurity leaders, we have a responsibility to support the ethical hacker community as they defend the safety of the Internet, and to thwart adversaries like this who are targeting security researchers operating in good faith.”

He adds: “The actions of security researchers have helped thousands of organizations around the world discover and address vulnerabilities before adversaries could exploit them — preventing countless attacks that would undoubtedly prove detrimental to any organizations’ digital operations. Google TAG’s role in sounding the alarm on this threat reiterates the need for security researchers to protect our digital world and those within it, including themselves.”

Going back to the specific threat, Ellis says that this needs to be taken very seriously, noting: “While many questions still linger around recent state-sponsored attacks, this latest incident emphasizes that no company, organization or individual is exempt from being vulnerable to a cyberattack — no matter how robust their cybersecurity posture may be. The North Korean cyberattacker’s new strategy of hiding behind the identity of fake cybersecurity companies is detrimental to previous security researcher efforts in building a sense of trust between themselves, and public and private sector organizations.”

And here, ethical security researchers can prove invaluable, suggests Ellis: “Organizations across industries must recognize the need to accept the assistance of security researchers who are actively defending against a growing legion of adversaries, such as this North Korean hacking group. Even enterprises with in-house security teams can benefit from the help of external security researchers — specifically their ability to provide continuous, 24/7 security testing and monitoring. Speed is the natural enemy of security and the best way to improve an organization’s security posture and beat malicious adversaries is by thinking like one.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Supermassive Black Holes halt the rapid construction in an ancient celestial city - elliptical galaxies.

Sports

For women e-sports players in China, mastering the game is just the first hurdle in the male-dominated field.

Social Media

The first symptoms of disinformation are emerging on the social media network Bluesky, with echoes of the pro-Russian "Matryoshka" campaign.

Business

Data centers accounted for 4.4 percent of US electricity needs in 2023, a figure that is likely to rise to 12 percent by 2028.