More hacking attempts…

As is well known at this point, DPRK researchers, journalists, aid workers, business partners, etc. have all been targeted by similar attempts to hack into their computers.  I have posted many, though not all of the emails that have targeted me or were sent to me by other individuals (see here, here, and here). The attacks are not targeted at individuals in any specific geographic region or individuals of any specific political persuasion.  I have recently been made aware of two more recent attacks (including one this week).  They are posted below for your edification.  Please keep an eye out for similar emails.

Email 1:

—————————
From: She Hui <[email protected]>
Date: Wed, Sep 28, 2011 at 5:37 PM
Subject: [interview request]This is Shehui from eChinaDaily.
To: [DELETED]

Dear Sir,
My name is Shehui, from eChinaDaily news.
I would like to interview with you as a feature story.
Would you have some time to do a short interview?
You can review the interview topics with attachments.
I’m looking forward to getting your reply.
Thanks.

Warm regards,Shehui

—————————

The attachment is a PDF document called “interview.pdf”.  The document is blank, but it contains embedded javascript  that uses the Adobe reader to download a packet to your computer.

 

Email 2:

—————————
From: Grace lee
Sent: Mon, Sep 5, 2011 1:09 PM
Subject: 2011 DPRK economy trend and society report
To: [DELETED]

Dear Boris,
Service completed, please refer to attached service report and details.
Best Regards,

Grace lee
================================================================
DISCLAIMER: This e-mail and attachments there to are intended for the sole use of the recipient(s) named above and may contain information that is confidential and/or proprietary to the nkorea. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication, or dissemination in any form) by persons other than the intended recipient(s) is prohibited. If you have received this e-mail in error, please delete it immediately.
Company Registration No.: 2011090561E
================================================================

—————————
The attachment is labeled “2011 DPRK report.zip”. I have been unable to determine how this one operates.

Share

Comments are closed.


An affiliate of 38 North