2022年12月16日 VOA慢速英語：朝鮮間諜嘗試新的黑客方法

 

Daniel DePetris is a foreign affairs expert based in the United States. He received an email in October from Jenny Town, the director of 38 North, asking him to write about North Korea.
Daniel DePetris 是駐美國的外交事務(wù)專家。他在 10 月收到一封來自38 North的導(dǎo)演珍妮鎮(zhèn)的電子郵件，要求他寫關(guān)于朝鮮的文章。
 
But Town did not send the email. The sender was a suspected North Korean spy, cybersecurity researchers said.
但是 Town 沒有發(fā)送電子郵件。網(wǎng)絡(luò)安全研究人員稱，發(fā)件人疑似朝鮮間諜。
 
Instead of infecting DePetris' computer and stealing important information, the sender appeared to be trying to get his thoughts on North Korean security issues.
發(fā)件人似乎沒有感染 DePetris 的計(jì)算機(jī)并竊取重要信息，而是試圖了解他對(duì)朝鮮安全問題的看法。
 
Cybersecurity researchers told Reuters news agency the email is part of a new campaign by a suspected North Korean hacking group. They said the group is targeting leading experts in foreign countries to better understand Western policy on North Korea.
網(wǎng)絡(luò)安全研究人員告訴路透社，這封電子郵件是疑似朝鮮黑客組織發(fā)起的新活動(dòng)的一部分。他們說，該組織的目標(biāo)是外國的主要專家，以更好地了解西方對(duì)朝鮮的政策。
 
The emails seen by Reuters showed issues raised were China's reaction in the event of a new nuclear test and how to deal with North Korean "aggression."
路透社看到的電子郵件顯示，提出的問題是中國對(duì)新核試驗(yàn)的反應(yīng)以及如何應(yīng)對(duì)朝鮮的“侵略”。
 
Researchers are calling the hacking group Thallium, or Kimsuky, among other names. The group has long used tricks in emails to gain information or send malware to targets' computers. Now, however, the group appears to simply ask experts to offer opinions or write reports.
研究人員將黑客組織稱為 Thallium 或 Kimsuky 等名稱。該組織長(zhǎng)期以來一直在電子郵件中使用技巧來獲取信息或向目標(biāo)計(jì)算機(jī)發(fā)送惡意軟件。然而現(xiàn)在，該小組似乎只是請(qǐng)專家提供意見或撰寫報(bào)告。
 
James Elliott of the Microsoft Threat Intelligence Center (MSTIC) said the new method of cyberattack first appeared in January. He added that the attackers have a lot of success "with this very, very simple method."
微軟威脅情報(bào)中心 (MSTIC) 的詹姆斯·埃利奧特 (James Elliott) 表示，這種新的網(wǎng)絡(luò)攻擊方法于 1 月份首次出現(xiàn)。他補(bǔ)充說，攻擊者“用這種非常非常簡(jiǎn)單的方法”取得了很大的成功。
 
 
MSTIC said it had identified several experts on North Korea who have provided information to a Thallium attacker account. Elliott added that the attackers are "getting it directly from the expert."
MSTIC 表示，它已經(jīng)確定了幾位朝鮮問題專家向 Thallium 攻擊者賬戶提供了信息。埃利奧特補(bǔ)充說，攻擊者是“直接從專家那里得到的”。
 
A 2020 report by U.S. government cybersecurity agencies said Thallium has been operating since 2012. And the group is most likely used by the North Korean government to gather intelligence.
美國政府網(wǎng)絡(luò)安全機(jī)構(gòu) 2020 年的一份報(bào)告稱，Thallium 自 2012 年以來一直在運(yùn)作。該組織很可能被朝鮮政府用來收集情報(bào)。
 
Microsoft has found that Thallium has historically targeted government employees. Other targets include those that work in policy and education, and human rights.
微軟發(fā)現(xiàn)，Thallium 歷來以政府雇員為目標(biāo)。其他目標(biāo)包括那些在政策和教育以及人權(quán)方面工作的目標(biāo)。
 
Email attacks
電子郵件攻擊
 
Jenny Town of 38 North said that the attackers impersonated her email account using an address that ended in ".live" instead of her official account's ".org". In one email, the suspected attackers included her real email in the exchange.
38 North 的 Jenny Town 表示，攻擊者冒充了她的電子郵件帳戶，使用以“.live”結(jié)尾的地址而不是她官方帳戶的“.org”結(jié)尾。在一封電子郵件中，可疑的攻擊者在交換中包含了她的真實(shí)電子郵件。
 
DePetris said the emails he has received were written as if a researcher were asking for a paper submission or comments on a paper. He said the attackers also included organization logos to make them look real.
DePetris 說，他收到的電子郵件寫得好像研究人員要求提交論文或?qū)φ撐陌l(fā)表評(píng)論。他說，攻擊者還包括組織標(biāo)志，使它們看起來真實(shí)。
 
In one email, which DePetris shared with Reuters, the attackers offered $300 for his comment on a paper about North Korea's nuclear program and suggestions for other possible experts. Elliot noted that the hackers never paid anyone for their research or answer.
在 DePetris 與路透社分享的一封電子郵件中，攻擊者懸賞 300 美元，要求他對(duì)一篇關(guān)于朝鮮核計(jì)劃的論文發(fā)表評(píng)論，并向其他可能的專家提出建議。埃利奧特指出，黑客從未為他們的研究或答案向任何人支付費(fèi)用。
 
Elliott of Microsoft said the method can be quicker than hacking someone's account and searching through their emails. He said it also goes around traditional technical security programs that would alert the message as having malware. And it permits spies direct access to the experts' thinking.
微軟的埃利奧特說，這種方法比侵入某人的帳戶并搜索他們的電子郵件更快。他說，它還繞過了傳統(tǒng)的技術(shù)安全程序，這些程序會(huì)在消息中含有惡意軟件時(shí)發(fā)出警報(bào)。它允許間諜直接接觸專家的思想。
 
"For us as defenders, it's really, really hard to stop these emails," he said, adding that in most cases it comes down to the recipient being able to figure it out.
“對(duì)于我們作為捍衛(wèi)者來說，阻止這些電子郵件真的非常困難，”他說，并補(bǔ)充說在大多數(shù)情況下，這取決于收件人是否能夠弄清楚。