Social media used by North Korea’s hacker group Kumsong 121 in executing cyberattack

September 22, 2021
Social media North Korea hacker group Kumsong 121

Kumsong 121, a group of hackers from North Korea, has recently executed a cyberattack with social media. Researchers warn cellphone and computer users to be cautious since the hacking and attacks from North Korea have been growing and becoming more sophisticated. 

A cybersecurity researcher reported that they have detected a new and advanced persistent threat or APT through a press release. This threat is allegedly launched by the North Korean threat actors Kumsong 121. Additionally, the said attack was executed through an elaborate process that includes utilising social media in befriending the victims and sending them the infected files instead of using email as the most common method. 

In befriending their victims, the attackers usually send friendly chats and greetings and engage in ordinary and exciting topics that their victim might lure into. If the threat actor has managed to hack the social media account of its victim, they will then choose more targets from the social media friends list of the victim. 

Next, the threat actor will send the infected file to the victim’s email address in the act of soliciting friendly advice to a North Korean affairs column they will claim to have recently been written. This file attached to the email consists of the macro virus that will render the computer or device of the victim once they have approved of the file, which enables the threat actors to perform a hack. 

This hacker group carries out smishing attacks aimed at Android mobile users. In this entire process, the hackers have performed the traditional “spear-phishing” through social media, which attacks particular targets.


Additionally, the group Kumsong 121 also targets Android smartphones to attack.


If the victim installs the infected package through their Android phone, many of their sensitive and private details can be stolen. These data may include the victim’s contact list, text messages, call records, location data, photos, sound recordings, or videos saved to their phones. 

As reported by a cybersecurity researcher, the hacker group has managed to hack into the mobile devices of eminent personalities such as a South Korean lawmaker. The threat actors will pose as someone expert from a specific industry or pretend as an acquaintance. Researchers advise potential victims to confirm the legitimacy of any suspicious interactions by directly calling the sender. 

About the author

Leave a Reply