{"id":3838,"date":"2021-11-22T20:29:04","date_gmt":"2021-11-22T14:59:04","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=3838"},"modified":"2021-11-22T20:29:07","modified_gmt":"2021-11-22T14:59:07","slug":"north-korean-cyberspies-target-govt-officials-with-custom-trojan","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/north-korean-cyberspies-target-govt-officials-with-custom-trojan\/","title":{"rendered":"North Korean Cyberspies Target Govt Officials with Custom Trojan"},"content":{"rendered":"\n<p><p style=\"text-align: justify;\">A state-sponsored North Korean threat actor tracked as TA406 was recently observed expanding custom info-stealing malware in espionage campaigns. The actor is regarded as one of several groups known as Kimsuky, also known as Thallium. TA406 has left traces of low-volume activity since 2018, primarily focusing on espionage, money-grabbing scams, and extortion.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">However, in March and June 2021, TA406 launched two distinct malware distribution campaigns that targeted foreign policy experts, journalists, and members of NGOs (non-governmental organizations). In a new report, security researchers tracked TA406, sampled their tools, and discovered the services they abuse and the phishing lures they employ.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>A large but targeted operation<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">TA406 engages in malware distribution, phishing, intelligence collection, and cryptocurrency theft, a wide range of criminal activities. According to a security researcher\u2019s report, the actors work roughly from 9 a.m. to 5 p.m.
(KST), seven days a week, with hacking their full-time occupation.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">The targeting scope is quite broad, including North America, Russia, China, South Korea, Japan, Germany, France, the UK, South Africa, India, and more. The phishing emails sent by TA406 commonly use lures about nuclear safety, politics, and Korean foreign policy, while targeting high-ranking elected officials.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image1-1024x572.jpg\" alt=\"North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image1\" class=\"wp-image-3840\" width=\"636\" height=\"355\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image1-1024x572.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image1-300x168.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image1-768x429.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image1-1536x858.jpg 1536w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image1.jpg 1600w\" sizes=\"(max-width: 636px) 100vw, 636px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">&#8220;The recipients of that campaign included some of the highest ranking elected officials of several different governmental institutions, an employee at a consulting firm, government institutions related to defense, law enforcement, and economy and finance, and generic 
mailboxes for board and customer relations of a large financial institution,&#8221; explains the security researcher\u2019s report.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">The emails are sent from compromised websites, and the sender usually impersonates real people instead of creating fake personas. Examples include an editor at Global Asia, a professor at Yonsei University, and an adviser to President Moon Jae-in.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image2.jpg\" alt=\"North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image2\" class=\"wp-image-3842\" width=\"634\" height=\"270\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image2.jpg 782w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image2-300x128.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image2-768x327.jpg 768w\" sizes=\"(max-width: 634px) 100vw, 634px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">Of particular interest, when conducting phishing campaigns to harvest credentials, TA406 does not usually create elaborate landing pages to impersonate a well-known server.
Instead, they use basic HTTP authentication, which displays a browser dialog requesting the user&#8217;s credentials.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image3-1024x669.jpg\" alt=\"North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image3\" class=\"wp-image-3841\" width=\"460\" height=\"300\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image3-1024x669.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image3-300x196.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image3-768x502.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image3.jpg 1160w\" sizes=\"(max-width: 460px) 100vw, 460px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">The lures are typically PDF files that require the recipient to log in to the hosting platform using their personal or corporate credentials to view them.<\/p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Custom information-stealing malware<\/strong><\/h3>\n\n\n\n<p><p style=\"text-align: justify;\">Starting in January 2021, TA406 began dropping malware payloads via phishing emails leading to 7z archives. These archives contained an EXE file with a double extension to appear as an .HTML file.
If opened, the file would create a scheduled task named &#8220;Twitter Alarm,&#8221; which permits the actors to drop extra payloads every 15 minutes.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Upon execution, the EXE also starts a web browser to a PDF file of a legitimate NK News article hosted on the actor&#8217;s infrastructure, attempting to trick the victim into thinking they&#8217;re reading a post on a news site. In June 2021, TA406 began deploying a custom malware named &#8216;FatBoy,&#8217; which was dropped as an HTML attachment on the victim&#8217;s disk.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"235\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image4-1024x235.jpg\" alt=\"North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image4\" class=\"wp-image-3843\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image4-1024x235.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image4-300x69.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image4-768x176.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image4.jpg 1273w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">Each of these attachments has a unique hash and features an invisible iframe to communicate with the attackers and tell them which recipient IP address opened the file.
FatBoy is a small first-stage malware whose purpose is to download a CAB file from the C2 every 20 minutes.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">The CAB file contains a batch script ball.bat, which executes a VBS script designed to perform reconnaissance and exfiltrate information via HTTP POST requests. A notable TA406 malware fetched by the downloaded malware is &#8216;YoreKey,&#8217; a custom Windows keylogger masquerading as MetaTrader 4 Manager, a legitimate electronic trading platform.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">YoreKey ensures persistence by creating a registry key and storing its logs in plain text on the infected system. The keylogger allows the threat actors to steal other login credentials entered by the user as they use their device.<\/p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Keeping cryptocurrency<\/strong><\/h3>\n\n\n\n<p><p style=\"text-align: justify;\">Parallel to the above, TA406 is also engaging in crypto-stealing operations, and according to the security researcher\u2019s findings, has received at least 3.77 Bitcoin, worth about $222,000. 
This is done through various methods, including posing as NGOs for donations, offering (apparently fake) file decoding\/deobfuscation services through a website named &#8216;Deioncube,&#8217; and sextortion scams.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image5-1024x719.jpg\" alt=\"North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image5\" class=\"wp-image-3844\" width=\"580\" height=\"406\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image5-1024x719.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image5-300x211.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image5-768x539.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-image5.jpg 1054w\" sizes=\"(max-width: 580px) 100vw, 580px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">The amount of stolen cryptocurrency may be much larger as the threat actors are likely using additional wallets unknown to the security researchers.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Attacks expected to continue<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">With the wide range of malicious activity conducted by the TA406 and Kimsuky hackers, we should continue to see them conducting further attacks on behalf of the North Korean government.
&#8220;Our experts anticipate this threat actor will continue to conduct corporate credential theft operations frequently, targeting entities of interest to the North Korean government,&#8221; says the Proofpoint researcher.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">These attacks include further targeting of US defense contractors and nuclear investigation companies to seize important intelligence that the North Korean government can use.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A state-sponsored North Korean threat actor tracked as TA406 was recently observed expanding custom info-stealing malware in espionage campaigns. The actor is regarded as one of several groups known as Kimsuky, also known as Thallium. TA406 has left traces of low-volume activity since 2018, primarily focusing on espionage, money-grabbing scams, and extortion. However, in March [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":3845,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>North Korean Cyberspies Target Govt Officials with Custom Trojan - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/north-korean-cyberspies-target-govt-officials-with-custom-trojan\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"North Korean Cyberspies Target Govt Officials with Custom Trojan - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"A state-sponsored North Korean threat actor tracked as TA406 was recently observed expanding custom
info-stealing malware in espionage campaigns. The actor is regarded as one of several groups known as Kimsuky, also known as Thallium. TA406 has left traces of low-volume activity since 2018, primarily focusing on espionage, money-grabbing scams, and extortion. However, in March [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/north-korean-cyberspies-target-govt-officials-with-custom-trojan\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-22T14:59:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-11-22T14:59:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/North-Korean-Cyberspies-Target-Govt-Officials-with-Custom-Trojan-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est.
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/north-korean-cyberspies-target-govt-officials-with-custom-trojan\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/north-korean-cyberspies-target-govt-officials-with-custom-trojan\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"North Korean Cyberspies Target Govt Officials with Custom Trojan\",\"datePublished\":\"2021-11-22T14:59:04+00:00\",\"dateModified\":\"2021-11-22T14:59:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/north-korean-cyberspies-target-govt-officials-with-custom-trojan\/\"},\"wordCount\":777,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/north-korean-cyberspies-target-govt-officials-with-custom-trojan\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/north-korean-cyberspies-target-govt-officials-with-custom-trojan\/\",\"url\":\"https:\/\/xiarch.com\/blog\/north-korean-cyberspies-target-govt-officials-with-custom-trojan\/\",\"name\":\"North Korean Cyberspies Target Govt Officials with Custom Trojan - Xiarch Solutions Private 
Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-11-22T14:59:04+00:00\",\"dateModified\":\"2021-11-22T14:59:07+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/north-korean-cyberspies-target-govt-officials-with-custom-trojan\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/north-korean-cyberspies-target-govt-officials-with-custom-trojan\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/north-korean-cyberspies-target-govt-officials-with-custom-trojan\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"North Korean Cyberspies Target Govt Officials with Custom Trojan\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3838"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=3838"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3838\/revisions"}],"predecessor-version":[{"id":3846,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3838\/revisions\/3846"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/3845"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=3838"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=3838"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=3838"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}