How Are N. Korea-Linked Hackers Using Naver and Google Ads to Distribute Malware?


Synopsis

Discover how a North Korea-linked hacking group has manipulated Naver and Google ads to spread malware. This sophisticated campaign marks a worrying trend in state-sponsored cyberattacks, prompting urgent security warnings for users.

Key Takeaways

  • North Korea-linked hackers are exploiting ad systems on Naver and Google.
  • The campaign features advanced persistent threat tactics.
  • Users should avoid clicking on suspicious ad-linked email attachments.
  • Konni group is evolving its cyber strategies.
  • Over $2 billion in cryptocurrency thefts indicate a significant funding source for North Korea's programs.

Seoul, Jan 19 (NationPress) A hacking group associated with North Korea has recently executed a sophisticated campaign for distributing malware by exploiting the online advertising platforms of Naver and Google, according to a report released on Monday.

The assessment from Genians Security Center revealed that Konni, linked to Kimsuky and other Pyongyang-sponsored groups, has initiated an advanced persistent threat (APT) operation taking advantage of the advertising systems on these online platforms.

Utilizing a method known as click tracking, the group has been able to route users through intermediary web links before they finally reach the advertisers' websites, as stated by the Yonhap news agency.

By employing deceptive intermediary links, the hackers managed to reroute users to external servers that hosted malicious files.

Initially, Konni concentrated on manipulating Naver's advertising framework, but has since broadened its attacks to include Google's ad system.

Experts at the center noted the presence of the term “Poseidon-Attack” in the malware code, indicating that the hacking group has systematically managed this operation under the Poseidon label.

Security analysts have raised alarms that this campaign illustrates the increasing sophistication of state-sponsored cyber assaults from North Korea. They advise users to refrain from opening suspicious email attachments linked to ads, particularly those that include shortcut link files.

In related news, a U.S. official stated that North Korea potentially appropriated over $2 billion in cryptocurrency last year, intensifying worries that the income from these cyber heists continues to fund its nuclear and ballistic missile initiatives.

Jonathan Fritz, principal deputy assistant secretary at the State Department's Bureau of East Asian and Pacific Affairs, presented during a U.N. meeting discussing a report from the Multilateral Sanctions Monitoring Team (MSMT) detailing violations and evasion of sanctions through cyber and IT worker activities.

The MSMT was formed after the U.N. expert panel, responsible for monitoring sanctions enforcement, was dissolved in April 2024 due to a veto from Russia against extending its mandate. It includes 11 countries, such as South Korea, the United States, Japan, Australia, and Canada.

This assessment aligns with an estimate from Chainalysis, a blockchain analytics company, which reported that North Korean hackers stole $2.02 billion in cryptocurrency in 2025, marking a 51 percent increase year-over-year.

Point of View

We remain committed to delivering timely and accurate news. The evolving landscape of cyber threats, particularly from state-sponsored entities like North Korea, underscores the importance of vigilance among users. Our role is to inform and educate our readers on these critical issues affecting global security.
NationPress
21/01/2026

Frequently Asked Questions

What methods are North Korean hackers using?
North Korean hackers are exploiting online advertising systems from platforms like Naver and Google to distribute malware through deceptive links.

What is the significance of the term 'Poseidon-Attack'?
The term 'Poseidon-Attack' found in the malware code indicates that the hacking group is systematically managing its operation under this label.

What are the implications of North Korean cyberattacks?
These cyberattacks highlight the growing sophistication of state-sponsored threats, potentially funding North Korea's nuclear and ballistic missile programs.

How much cryptocurrency did North Korea allegedly steal?
Reports indicate that North Korea stole over $2 billion in cryptocurrency last year.

What should users do to stay safe?
Users should avoid opening suspicious email attachments, especially those linked to ads or containing shortcut link files.