North Korean Hackers Exploit Google, Naver Ads in Sophisticated Malware Campaign

A North Korea-linked hacking group known as Konni has conducted an advanced malware campaign by exploiting the advertising systems of major platforms Naver and Google. The group abused the "click tracking" process in online ads to redirect users through fake links to servers hosting malicious files. Security analysts identified the campaign under the "Poseidon-Attack" label, highlighting the growing sophistication of state-backed cyber threats. The report coincides with concerns that North Korea's cyber activities, including over $2 billion in cryptocurrency estimated to have been stolen last year, fund its weapons programs.

Key Points: N. Korea Hackers Use Google, Naver Ads to Spread Malware

  • APT campaign abuses ad click-tracking
  • Targets Naver and Google ad systems
  • Redirects users to malicious servers
  • Part of North Korea's cyber revenue strategy
  • Linked to massive cryptocurrency thefts

N. Korea-linked hackers exploit Naver, Google ads to spread malware

Konni hacking group linked to North Korea exploits ad systems on Naver and Google to distribute malware in a campaign labelled "Poseidon-Attack."

"Poseidon-Attack - phrase found in malware code"

Seoul, Jan 19

A North Korea-linked hacking group has recently conducted a sophisticated malware distribution campaign by abusing online advertising systems operated by Naver and Google, a report showed on Monday.

According to the online threat assessment report released by Genians Security Center, Konni, the hacking group tied to Kimsuky and other Pyongyang-sponsored hacking groups, has launched an advanced persistent threat (APT) campaign by exploiting the online portals' ad systems.

The group exploited a process referred to as click tracking used in online advertising, which routes users through intermediary web links before directing them to advertisers' websites, reports Yonhap news agency.

Through fake intermediary web links, the group was found to have redirected users to external servers hosting malicious files.

According to the report, Konni initially focused on abusing Naver's advertising infrastructure but recently expanded its attacks through Google's ad system.

Analysts at the centre said they identified the phrase "Poseidon-Attack" within the malware code, suggesting the hacking group has systematically managed the campaign under the Poseidon labelling.

Security experts warned that the campaign highlights the growing sophistication of state-backed North Korean cyberattacks and cautioned users not to open suspicious ad-linked email attachments, particularly those containing shortcut link files.
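The click-tracking abuse and the shortcut-file warning described above can be checked offline by unwrapping the destination carried inside a tracking link before anyone clicks it. The following is an added example, not code from the Genians report or the article; the tracker hosts, parameter names, advertiser allowlist and file extensions are placeholders assumed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# All values below are placeholders assumed for illustration, not from the report.
TRACKER_HOSTS = {"ads.tracker.example", "click.portal.example"}
DEST_PARAMS = ("adurl", "url", "dest")          # hypothetical parameter names
EXPECTED_ADVERTISERS = {"shop.example"}         # hosts the ads should lead to
RISKY_EXT = (".lnk", ".zip")                    # shortcut files, plus archives

def unwrap(url, max_hops=5):
    """Return the chain of URLs nested in tracker links; no network access."""
    chain = [url]
    for _ in range(max_hops):
        parts = urlsplit(chain[-1])
        if parts.hostname not in TRACKER_HOSTS:
            break                               # reached a non-tracker host
        query = dict(parse_qsl(parts.query))    # parse_qsl percent-decodes values
        nxt = next((query[p] for p in DEST_PARAMS if p in query), None)
        if not nxt:
            break
        chain.append(nxt)
    return chain

def assess(url):
    """Flag tracker links whose final destination is unexpected or a file."""
    chain = unwrap(url)
    final = urlsplit(chain[-1])
    host = final.hostname or ""
    reasons = []
    if len(chain) > 1 and host not in EXPECTED_ADVERTISERS:
        reasons.append("tracker redirects to unexpected host " + host)
    if final.path.lower().endswith(RISKY_EXT):
        reasons.append("destination is a file download: " + final.path)
    return {"final": chain[-1], "hops": len(chain) - 1, "reasons": reasons}

# Constructed sample links, as they might be extracted from an e-mail body.
SAMPLES = [
    "https://ads.tracker.example/click?id=1&adurl=https%3A%2F%2Fshop.example%2Fsale",
    "https://ads.tracker.example/click?id=2&adurl=https%3A%2F%2Fclick.portal.example"
    "%2Fr%3Fdest%3Dhttps%253A%252F%252Ffiles.example.net%252Fnotice.zip",
    "https://news.example/article",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(assess(sample))
```

The second sample chains two trackers with double percent-encoding, which is why the unwrapping loops instead of decoding once.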

Meanwhile, North Korea likely stole over $2 billion in cryptocurrency last year, a U.S. official said, amid growing concerns that its revenue from virtual asset heists continues to bankroll its nuclear and ballistic missile programmes.

Jonathan Fritz, principal deputy assistant secretary at the State Department's Bureau of East Asian and Pacific Affairs, delivered a presentation during a U.N. meeting on a Multilateral Sanctions Monitoring Team (MSMT) report detailing the North's sanctions violations and evasion through cyber and information technology (IT) worker activities.

The MSMT was established after a U.N. expert panel, tasked with monitoring sanctions enforcement, was disbanded in April 2024 due to Russia's veto of a resolution to extend its mandate. It consists of 11 countries, including South Korea, the United States, Japan, Australia and Canada.

The assessment is in line with an estimate from Chainalysis, a blockchain data platform, which has said that North Korean hackers stole $2.02 billion in cryptocurrency in 2025, a 51 percent year-over-year increase.

- IANS

Reader Comments

Priya S
Scary stuff! I always click on ads for shopping deals. Now I'll think twice. These hackers are getting too clever. Google and Naver need to fix their ad systems ASAP.
Vikram M
$2 billion in crypto stolen! And that money goes straight into their weapons program. The international community needs to put more pressure, but with Russia vetoing things at the UN, it's a tough fight. Shows how cyber wars are the new frontier.
Sarah B
Working in IT in Bangalore, this is a wake-up call for all of us. "Poseidon-Attack" sounds like something from a movie. Companies need to invest more in employee training about phishing and suspicious links, not just firewalls.
Rohit P
Respectfully, while the threat is real, articles like this sometimes create unnecessary panic. Most common users in India are safe if they stick to official apps and avoid shady links. The real targets are corporations and governments.
Kavya N
My father almost got scammed by a fake ad last month. It looked so real! We need more public service ads on TV and radio about cyber safety, especially for the older generation who are new to the internet.