A hacking group associated with North Korea has conducted a sophisticated malware distribution campaign through Naver and Google’s online advertising systems. The group, known as Konni and linked to Pyongyang-sponsored hacking groups like Kimsuky, utilized a method called click tracking in online advertising to redirect users to malicious websites via fake intermediary links. Initially targeting Naver’s ad infrastructure, the group has now expanded its attacks to Google’s ad system.
Security experts discovered the phrase “Poseidon-Attack” within the malware code, indicating that the hacking group managed the campaign under the Poseidon label. This incident underscores the increasing complexity of state-backed cyberattacks by North Korea. To reduce the risk of infection, users are advised to avoid opening suspicious ad-linked email attachments, especially those containing shortcut link files.
In a separate development, a U.S. official revealed that North Korea allegedly stole over $2 billion in cryptocurrency last year. The illicit revenue from virtual asset theft is believed to fund the country’s nuclear and ballistic missile programs. During a U.N. meeting, Jonathan Fritz from the State Department’s Bureau of East Asian and Pacific Affairs highlighted a report by the Multilateral Sanctions Monitoring Team (MSMT) detailing North Korea’s sanctions violations through cyber activities.
The MSMT, formed after the disbandment of a U.N. expert panel in 2024, includes 11 countries such as South Korea, the United States, Japan, Australia, and Canada. Chainalysis, a blockchain data platform, estimated that North Korean hackers stole $2.02 billion in cryptocurrency in 2025, marking a significant increase from the previous year’s thefts.
