2022年12月16日 VOA慢速英语：朝鲜间谍尝试新的黑客方法

 

Daniel DePetris is a foreign affairs expert based in the United States. He received an email in October from Jenny Town, the director of 38 North, asking him to write about North Korea.
Daniel DePetris 是驻美国的外交事务专家。他在 10 月收到一封来自38 North的导演珍妮镇的电子邮件，要求他写关于朝鲜的文章。
 
But Town did not send the email. The sender was a suspected North Korean spy, cybersecurity researchers said.
但是 Town 没有发送电子邮件。网络安全研究人员称，发件人疑似朝鲜间谍。
 
Instead of infecting DePetris' computer and stealing important information, the sender appeared to be trying to get his thoughts on North Korean security issues.
发件人似乎没有感染 DePetris 的计算机并窃取重要信息，而是试图了解他对朝鲜安全问题的看法。
 
Cybersecurity researchers told Reuters news agency the email is part of a new campaign by a suspected North Korean hacking group. They said the group is targeting leading experts in foreign countries to better understand Western policy on North Korea.
网络安全研究人员告诉路透社，这封电子邮件是疑似朝鲜黑客组织发起的新活动的一部分。他们说，该组织的目标是外国的主要专家，以更好地了解西方对朝鲜的政策。
 
The emails seen by Reuters showed issues raised were China's reaction in the event of a new nuclear test and how to deal with North Korean "aggression."
路透社看到的电子邮件显示，提出的问题是中国对新核试验的反应以及如何应对朝鲜的“侵略”。
 
Researchers are calling the hacking group Thallium, or Kimsuky, among other names. The group has long used tricks in emails to gain information or send malware to targets' computers. Now, however, the group appears to simply ask experts to offer opinions or write reports.
研究人员将黑客组织称为 Thallium 或 Kimsuky 等名称。该组织长期以来一直在电子邮件中使用技巧来获取信息或向目标计算机发送恶意软件。然而现在，该小组似乎只是请专家提供意见或撰写报告。
 
James Elliott of the Microsoft Threat Intelligence Center (MSTIC) said the new method of cyberattack first appeared in January. He added that the attackers have a lot of success "with this very, very simple method."
微软威胁情报中心 (MSTIC) 的詹姆斯·埃利奥特 (James Elliott) 表示，这种新的网络攻击方法于 1 月份首次出现。他补充说，攻击者“用这种非常非常简单的方法”取得了很大的成功。
 
 
MSTIC said it had identified several experts on North Korea who have provided information to a Thallium attacker account. Elliott added that the attackers are "getting it directly from the expert."
MSTIC 表示，它已经确定了几位朝鲜问题专家向 Thallium 攻击者账户提供了信息。埃利奥特补充说，攻击者是“直接从专家那里得到的”。
 
A 2020 report by U.S. government cybersecurity agencies said Thallium has been operating since 2012. And the group is most likely used by the North Korean government to gather intelligence.
美国政府网络安全机构 2020 年的一份报告称，Thallium 自 2012 年以来一直在运作。该组织很可能被朝鲜政府用来收集情报。
 
Microsoft has found that Thallium has historically targeted government employees. Other targets include those that work in policy and education, and human rights.
微软发现，Thallium 历来以政府雇员为目标。其他目标包括那些在政策和教育以及人权方面工作的目标。
 
Email attacks
电子邮件攻击
 
Jenny Town of 38 North said that the attackers impersonated her email account using an address that ended in ".live" instead of her official account's ".org". In one email, the suspected attackers included her real email in the exchange.
38 North 的 Jenny Town 表示，攻击者冒充了她的电子邮件帐户，使用以“.live”结尾的地址而不是她官方帐户的“.org”结尾。在一封电子邮件中，可疑的攻击者在交换中包含了她的真实电子邮件。
 
DePetris said the emails he has received were written as if a researcher were asking for a paper submission or comments on a paper. He said the attackers also included organization logos to make them look real.
DePetris 说，他收到的电子邮件写得好像研究人员要求提交论文或对论文发表评论。他说，攻击者还包括组织标志，使它们看起来真实。
 
In one email, which DePetris shared with Reuters, the attackers offered $300 for his comment on a paper about North Korea's nuclear program and suggestions for other possible experts. Elliot noted that the hackers never paid anyone for their research or answer.
在 DePetris 与路透社分享的一封电子邮件中，攻击者悬赏 300 美元，要求他对一篇关于朝鲜核计划的论文发表评论，并向其他可能的专家提出建议。埃利奥特指出，黑客从未为他们的研究或答案向任何人支付费用。
 
Elliott of Microsoft said the method can be quicker than hacking someone's account and searching through their emails. He said it also goes around traditional technical security programs that would alert the message as having malware. And it permits spies direct access to the experts' thinking.
微软的埃利奥特说，这种方法比侵入某人的帐户并搜索他们的电子邮件更快。他说，它还绕过了传统的技术安全程序，这些程序会在消息中含有恶意软件时发出警报。它允许间谍直接接触专家的思想。
 
"For us as defenders, it's really, really hard to stop these emails," he said, adding that in most cases it comes down to the recipient being able to figure it out.
“对于我们作为捍卫者来说，阻止这些电子邮件真的非常困难，”他说，并补充说在大多数情况下，这取决于收件人是否能够弄清楚。