North Korean Cyber Group Dupes Top DC Analyst

north korean cyber group dupes top dc analyst.jpg Technology

In the dimly lit hours of a work night, six years ago, esteemed researcher Jenny Town momentarily stepped away from her computer, only to return to a chilling discovery: her computer had been hacked. Town, a leading expert on North Korea at the Stimson Institute and the director of Stimson’s 38 North Program, was targeted by North Korean hackers who infiltrated her system, stole personal information, and used it to create an impersonator to extract further information from her colleagues.

This sophisticated cyber attack was not merely an attempt to gain classified information, as Town openly admitted at Mandiant’s mWISE conference on Monday, "I don’t have any clearance. I don’t have any access to classified information." The attack was led by a unit of North Korea’s intelligence services, codenamed APT43, or KimSuky, using a popular remote-desktop tool, TeamViewer. The hackers quickly sifted through her computer files, even activating her webcam, before abruptly ending the intrusion, leaving Town and cybersecurity company Mandiant to uncover the extent of the breach and the hackers’ true intentions.

North Korean Hackers Create Digital Doppelganger of Prestigious Researcher

Six years ago, Jenny Town, a leading expert on North Korea at the Stimson Institute, left her computer for a brief moment only to return and find that her system had been compromised. A North Korean hacking unit, known as APT43 or KimSuky, had managed to infiltrate her computer, stealing vital information which they later used to create a digital impersonator of Town.

Exploiting Open-Source Intelligence

Town, the director of Stimson’s 38 North Program, is known for her work based on open-source intelligence. She utilizes publicly available data to analyze North Korean dynamics, without the need for classified information access. However, the hackers weren’t just in search of classified data.

Using TeamViewer, a popular remote-desktop tool, they gained access to her computer, running scripts to explore her system. They presumably turned on her webcam to check if she had returned to her computer, before quickly closing everything down.

A Digital Doppelganger with a Purpose

The hackers managed to exfiltrate information about Town’s colleagues, her field of study, and her contact list. They then created a digital doppelganger of Town, a North Korean sock puppet, to gather intelligence from afar. This tactic filled the void for North Korea, a country without diplomatic relations with the U.S and thus limited ability to gather intelligence from public events or network with think tanks.

The fake Jenny Town began reaching out to prominent researchers and analysts, pretending to be her. "It’s a lot of social engineering. It’s a lot of sending fake emails, pretending to be me, pretending to be my staff, pretending to be reporters," Town said at the conference.

The Impact and Aftermath

The group responsible for Town’s digital clone has been linked to cryptocurrency laundering operations and influence campaigns, targeting other academics and researchers. Although increasing awareness has lessened its effectiveness, the tactic still poses a threat, particularly to less tech-savvy academics who may not scrutinize domains or emails for typos.

Even when the real person warns their contacts about the doppelganger, disbelief is a common response. One of Town’s colleagues refused to believe her warnings until he contacted the person he believed he was corresponding with through another channel. Surprisingly, the North Korean doppelganger apologized for any confusion, blaming it on "Nk hackers."


The story of Jenny Town’s digital impersonation underscores the evolving nature of cyber threats. It highlights the need for individuals and organizations to remain vigilant, scrutinize the authenticity of digital communications, and employ robust cybersecurity measures. It also emphasizes that hackers are not just after classified information but can manipulate personal data for intelligence gathering. As digital doppelgangers become a more common tactic, understanding and awareness of such ploys will be crucial in countering their effectiveness.

Crive - News that matters