After President Donald Trump and North Korean leader Kim Jong Un met in Singapore June 12, analysts said they were unsure how the summit would impact the hermit kingdom’s hacking efforts. Now, there is evidence.
The North Korean cyberattacks continued.
Malware that has been publicly attributed to a group tied with the North Korean government was used during a cluster of cyberattacks beginning in June, according to new research by Palo Alto Networks, a cybersecurity firm.
Malware used by the Reaper Group was embedded into Microsoft Word documents that contained articles about the World Cup and the North Korean summit, Palo Alto Networks said. Once planted in a computer, the malware could send screenshots, compile key-logging reports, and even be used to call for re-enforcement’s or to request new viruses.
It was not clear if the malware was targeting governments, businesses or individuals.
The Reaper Group uses their hacking program as a tool to create revenue, Jen-Miller Osborn, a deputy director of threat intelligence at Palo Alto Networks told Fifth Domain. She said the group focuses on cyber crime and BitCoin mining.
More cyberattacks that were also attributed to the Reaper group took place starting in July, Osborn told Fifth Domain.
During speeches, the U.S. government officials say that North Korea is one of America’s four main adversaries in cyberspace.
But former U.S. officials have told Fifth Domain that because much of North Korea is not well connected to the internet, the country is not particularly vulnerable to cyberattacks. Instead, the officials said that responding to North Korean cyber activity should take place via economic, diplomatic and targeted financial sanctions.
This article was updated to provide more information about the Reaper Group.
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.