North Korean IT hacker. (Photo: SNS)
[Alpha Biz= Paul Lee] The North Korea-associated hacking group Konni has reportedly been targeting users in South Korea with a new spear-phishing campaign dubbed the “Poseidon Operation”, exploiting legitimate URLs from services like Google to bypass traditional security systems.
According to a threat intelligence report by Genians Security Center on January 19, Konni disguises malicious links as legitimate advertising URLs. Victims receive emails impersonating institutions such as the Financial Supervisory Service; clicking the links triggers downloads of malware. The attackers mimic Google’s ad click-tracking system, making it difficult for security solutions to detect the malicious URLs. Malicious files analyzed contained the string “Poseidon-Attack,” suggesting that the campaign is systematically managed under the project name “Poseidon.”
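For defenders triaging mail of this kind, the following added example (not from the article or the Genians report) unwraps click-tracking redirects offline so that a filter evaluates the real destination instead of the trusted outer host. The redirector hostnames, the `adurl` parameter, the allowlist and every sample link are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Assumptions, not taken from the report: redirector hosts and the parameter
# that carries the landing URL in ad click-tracking links.
REDIRECTOR_SUFFIXES = ("doubleclick.net", "googleadservices.com")
TARGET_PARAM = "adurl"
# Hypothetical allowlist of destinations the organisation expects in mail.
ALLOWED_DEST_SUFFIXES = ("partner.example",)

def host_matches(host, suffixes):
    """True if host equals a suffix or is a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def unwrap(url, max_depth=5):
    """Peel nested click-tracking wrappers offline; return the URL chain."""
    chain = [url]
    for _ in range(max_depth):
        parts = urlsplit(chain[-1])
        if not host_matches(parts.hostname, REDIRECTOR_SUFFIXES):
            break
        values = parse_qs(parts.query).get(TARGET_PARAM)
        if not values:
            break
        target = values[0]  # parse_qs has already percent-decoded once
        if "://" not in target:  # destination was double-encoded
            target = unquote(target)
        chain.append(target)
    return chain

def assess(url):
    """Return (final_host, flagged) for a link extracted from an email."""
    chain = unwrap(url)
    final = urlsplit(chain[-1])
    # Flag only wrapped links whose real destination is off the allowlist.
    flagged = len(chain) > 1 and (
        final.scheme not in ("http", "https")
        or not host_matches(final.hostname, ALLOWED_DEST_SUFFIXES)
    )
    return final.hostname, flagged

# Constructed sample links; every domain below is a placeholder.
SAMPLES = [
    "https://ad.doubleclick.net/click?id=1&adurl=https%3A%2F%2Ffiles.bad.example%2Fnotice.zip",
    "https://ad.doubleclick.net/click?adurl=https%253A%252F%252Ffiles.bad.example%252Fa",
    "https://ad.doubleclick.net/click?adurl=https%3A%2F%2Fwww.partner.example%2Fnews",
    "https://www.partner.example/news",
]
```

Calling `assess` on each extracted link yields the host that reputation and attachment checks should be run against, plus a flag for wrapped links that land outside the allowlist.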
The group has also attempted attacks via Google’s device location feature, Find Hub, targeting users of government and financial services. After stealing Google account credentials, the hackers could remotely delete data if the device was not nearby, causing secondary damage.
Experts warn that most recent cyberattacks in South Korea are delivered through email links and advise users to avoid entering sensitive information unnecessarily.
Alpha Biz correspondent Paul Lee (hoondork1977@alphabiz.co.kr)