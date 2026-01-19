Seoul, Jan 19 (IANS) A North Korea-linked hacking group has recently conducted a sophisticated malware distribution campaign by abusing online advertising systems operated by Naver and Google, a report showed on Monday.

According to the online threat assessment report released by Genians Security Center, Konni, the hacking group tied to Kimsuky and other Pyongyang-sponsored hacking groups, has launched an advanced persistent threat (APT) campaign by exploiting the online portals' ad systems.

The group exploited a process referred to as click tracking used in online advertising, which routes users through intermediary web links before directing them to advertisers' websites, reports Yonhap news agency.

Through fake intermediary web links, the group was found to have redirected users to external servers hosting malicious files.

According to the report, Konni initially focused on abusing Naver's advertising infrastructure but recently expanded its attacks through Google's ad system.

Analysts at the centre said they identified the phrase "Poseidon-Attack" within the malware code, suggesting the hacking group has systematically managed the campaign under the Poseidon labelling.

Security experts warned that the campaign highlights the growing sophistication of state-backed North Korean cyberattacks and cautioned users to not open suspicious ad-linked email attachments, particularly those containing shortcut link files.

Meanwhile, North Korea likely stole over $2 billion in cryptocurrency last year, a U.S. official said, amid growing concerns that its revenue from virtual asset heists continues to bankroll its nuclear and ballistic missile programmes.

Jonathan Fritz, principal deputy assistant secretary at the State Department's Bureau of East Asian and Pacific Affairs, delivered a presentation during a U.N. meeting on a Multilateral Sanctions Monitoring Team (MSMT) report detailing the North's sanctions violation and evasion through cyber and information technology (IT) worker activities.

The MSMT was established after a U.N. expert panel, tasked with monitoring sanctions enforcement, was disbanded in April 2024 due to Russia's veto of a resolution to extend its mandate. It consists of 11 countries, including South Korea, the United States, Japan, Australia and Canada.

The assessment is in line with an estimate from Chainalysis, a blockchain data platform, which has said that North Korean hackers stole $2.02 billion in cryptocurrency in 2025, a 51 percent year-over-year increase.

