Five Zero-Day vulnerabilities are said to have been used over the past year to hack targets in North Korea, according to researchers from the Google Threat Analysis Group. While Google itself makes no statements about who is behind the attacks, cyber security firm Kaspersky points to neighbouring South Korea.
The hackers are said to have exploited vulnerabilities in Internet Explorer, Google Chrome and Windows itself, delivered through phishing emails (with malware hidden in attached files), to gain access to computers in the protected country. Kaspersky tells WIRED that it was able to link Google’s findings to the hacker group DarkHotel, which has targeted North Korea on earlier occasions. The group is also said to operate in the service of the South Korean government.
According to Google’s cyber experts, it is not surprising that neighbouring North Korea faces such cyber threats, but the way it happened this time is. Using five Zero-Days in one campaign in one year is quite an achievement.
“To find this many Zero-Day vulnerabilities in a relatively short time, and from one party, is pretty rare. Most of the targets we’ve identified come from North Korea, or are people working on North Korean-related problems.”
Kaspersky made the link with DarkHotel (and with it South Korea) only a few hours after Google’s announcement, as it had previously traced two of the vulnerabilities back to the group. The vulnerabilities in Windows and Internet Explorer are also said to have been used by the group in the past to install malware on computers. Since Google attributed the five problems found to a single group, Kaspersky said it was ‘quite plausible that they are all related to DarkHotel’.