A North Korea–linked hacking group has carried out a sophisticated malware distribution campaign by exploiting online advertising systems operated by Naver and Google, according to a report released Monday.

The online threat assessment, published by the Genians Security Center, revealed that Konni, a hacking group associated with Kimsuky and other Pyongyang-sponsored cyber units, launched an advanced persistent threat (APT) campaign by abusing digital advertising infrastructure.

According to Yonhap News Agency, the attackers exploited a technique known as click tracking, commonly used in online advertising. This process routes users through intermediary web links before directing them to an advertiser’s final destination. By creating fake intermediary links, the group redirected users to external servers hosting malicious files.

The report found that Konni initially targeted Naver’s advertising platform but has recently expanded its operations to include Google’s ad system, significantly broadening the campaign’s reach.

Security analysts also identified the phrase “Poseidon-Attack” embedded in the malware code, suggesting the campaign was systematically organized under a coordinated operation name.

Cybersecurity experts warned that the campaign demonstrates the increasing sophistication of state-backed North Korean cyberattacks. Users were urged to avoid opening suspicious ad-linked email attachments, particularly files containing shortcut (.LNK) links, which are commonly used to trigger malware execution.

