North Korean Spies Try a New Attack Method

    Daniel DePetris is a foreign affairs expert based in the United States. He received an email in October from Jenny Town, the director of 38 North, asking him to write about North Korea.

    But Town did not send the email. The sender was a suspected North Korean spy, cybersecurity researchers said.

    Instead of infecting DePetris' computer and stealing important information, the sender appeared to be trying to get his thoughts on North Korean security issues.

    Cybersecurity researchers told Reuters news agency the email is part of a new campaign by a suspected North Korean hacking group. They said the group is targeting leading experts in foreign countries to better understand Western policy on North Korea.

    The emails seen by Reuters showed issues raised were China's reaction in the event of a new nuclear test and how to deal with North Korean "aggression."

    Researchers are calling the hacking group Thallium, or Kimsuky, among other names. The group has long used tricks in emails to gain information or send malware to targets' computers. Now, however, the group appears to simply ask experts to offer opinions or write reports.

    James Elliott of the Microsoft Threat Intelligence Center (MSTIC) said the new method of cyberattack first appeared in January. He added that the attackers have a lot of success "with this very, very simple method."

    MSTIC said it had identified several experts on North Korea who have provided information to a Thallium attacker account. Elliott added that the attackers are "getting it directly from the expert."

    A 2020 report by U.S. government cybersecurity agencies said Thallium has been operating since 2012. And the group is most likely used by the North Korean government to gather intelligence.

    Microsoft has found that Thallium has historically targeted government employees. Other targets include those that work in policy and education, and human rights.

    Email attacks

    Jenny Town of 38 North said that the attackers impersonated her email account using an address that ended in ".live" instead of her official account's ".org". In one email, the suspected attackers included her real email in the exchange.
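    The lookalike-address pattern Town describes can be checked mechanically against a list of known correspondents. The following Python check is an added example, not part of the original article; the contact list, the `example.org` and `example.live` addresses and the finding names are constructed for illustration.

```python
from email.utils import getaddresses

# Constructed allow-list: display name -> real address. example.org is a
# placeholder domain, not an address taken from the article.
KNOWN_CONTACTS = {"Jenny Town": "jtown@example.org"}


def split_address(addr):
    """Split 'local@name.tld' into (local, name, tld), lowercased.

    Simplification: everything before the last dot is treated as the name;
    a production check would use the Public Suffix List instead.
    """
    local, _, domain = addr.lower().rpartition("@")
    name, _, tld = domain.rpartition(".")
    return local, name, tld


def check_sender(from_header, cc_header=""):
    """Return finding codes for one message's From and Cc header values."""
    pairs = getaddresses([from_header]) or [("", "")]
    display, sender = pairs[0][0].strip().lower(), pairs[0][1].lower()
    if sender in KNOWN_CONTACTS.values():
        return []  # the genuine address: nothing to flag
    copied = {addr.lower() for _, addr in getaddresses([cc_header])}
    local, dom, tld = split_address(sender)
    findings = []
    for name, real in KNOWN_CONTACTS.items():
        r_local, r_dom, r_tld = split_address(real)
        # Same mailbox and domain name, different ending (".live" vs ".org").
        tld_swap = (local, dom) == (r_local, r_dom) and tld != r_tld
        name_reuse = display == name.lower()
        if tld_swap:
            findings.append("tld-swap")
        elif name_reuse:
            findings.append("display-name-reuse")
        # The real address copied into the exchange lends false credibility.
        if (tld_swap or name_reuse) and real in copied:
            findings.append("real-address-copied")
    return findings


# Constructed sample headers (From, Cc) mirroring the pattern in the article.
SAMPLES = [
    ('"Jenny Town" <jtown@example.live>', "jtown@example.org"),
    ('"Jenny Town" <jtown@example.org>', ""),
    ('"Jenny Town" <editor@mail.example>', ""),
    ("Other Person <other@example.net>", ""),
]
```

    Running `check_sender` over each pair in `SAMPLES` flags the first and third messages and passes the genuine address and the unrelated sender.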

    DePetris said the emails he has received were written as if a researcher were asking for a paper submission or comments on a paper. He said the attackers also included organization logos to make them look real.

    In one email, which DePetris shared with Reuters, the attackers offered $300 for his comment on a paper about North Korea's nuclear program and suggestions for other possible experts. Elliott noted that the hackers never paid anyone for their research or answers.

    Elliott of Microsoft said the method can be quicker than hacking someone's account and searching through their emails. He said it also gets around traditional technical security programs that would flag a message as containing malware. And it gives spies direct access to the experts' thinking.

    "For us as defenders, it's really, really hard to stop these emails," he said, adding that in most cases it comes down to the recipient being able to figure it out.

    I'm Gregory Stachel.