A hacking group linked to North Korea has carried out a sophisticated malware campaign by abusing online advertising systems run by Naver and Google, according to a new security report.
The findings were published in an online threat assessment released by the Genians Security Center on Monday.
The report said the hacking group Konni is associated with Kimsuky and other Pyongyang-backed cyber units.
Analysts stated that Konni launched an advanced persistent threat campaign by exploiting advertising platforms used by major online portals.
The group reportedly abused a click-tracking process that redirects users through intermediary links before reaching an advertiser’s website.
Investigators found that fake intermediary links were used to secretly redirect users to external servers hosting malicious files.
The report noted that Konni initially focused its attacks on Naver’s advertising infrastructure.
Researchers said the group later expanded the campaign by exploiting Google’s online advertising system.
Security analysts identified the phrase “Poseidon-Attack” embedded within the malware’s code.
Experts said the label suggests the campaign was systematically organised and managed under an internal operation name.
The report highlighted that the operation demonstrates an increased level of planning and technical sophistication.
Cybersecurity specialists warned that state-backed North Korean hacking activities are becoming more advanced and difficult to detect.
Experts urged users to exercise caution when clicking on advertisement-linked content.
Security officials advised users not to open suspicious email attachments connected to online advertisements.
Analysts specifically warned against opening shortcut link files, which are commonly used to deliver malware.
The report said abuse of trusted advertising platforms poses a growing risk to ordinary internet users.
Researchers added that such campaigns exploit user confidence in legitimate online services.
The security centre called for stronger monitoring of digital advertising systems to prevent similar attacks.