A hacking group linked to North Korea has carried out a sophisticated malware campaign by abusing online advertising systems run by Naver and Google, according to a new security report.
The findings were published in an online threat assessment released by the Genians Security Center on Monday.
The report said the hacking group Konni is associated with Kimsuky and other Pyongyang-backed cyber units.
Analysts stated that Konni launched an advanced persistent threat campaign by exploiting advertising platforms used by major online portals.
The group reportedly abused a click-tracking process that redirects users through intermediary links before reaching an advertiser’s website.
Investigators found that fake intermediary links were used to secretly redirect users to external servers hosting malicious files.
The report noted that Konni initially focused its attacks on Naver’s advertising infrastructure.
Researchers said the group later expanded the campaign by exploiting Google’s online advertising system.
Security analysts identified the phrase “Poseidon-Attack” embedded within the malware’s code.