英语 英语 日语 日语 韩语 韩语 法语 法语 德语 德语 西班牙语 西班牙语 意大利语 意大利语 阿拉伯语 阿拉伯语 葡萄牙语 葡萄牙语 越南语 越南语 俄语 俄语 芬兰语 芬兰语 泰语 泰语 泰语 丹麦语 泰语 对外汉语

VOA新闻杂志2022 朝鲜间谍尝试新型攻击手段

时间:2022-12-20 01:48来源:互联网 提供网友:nan   字体: [ ]
    (单词翻译:双击或拖选)

Daniel DePetris is a foreign affairs expert based in the United States. He received an email in October from Jenny Town, the director of 38 North, asking him to write about North Korea.

丹尼尔·德佩特里斯是美国的外交事务专家。今年10月,他收到了“北纬38度”负责人珍妮·唐恩的电子邮件,邀请他撰写关于朝鲜的文章。

But Town did not send the email. The sender was a suspected North Korean spy, cybersecurity researchers said.

但是唐恩没发过这封邮件。网络安全研究人员表示,发件人是疑似朝鲜间谍。

Instead of infecting DePetris' computer and stealing important information, the sender appeared to be trying to get his thoughts on North Korean security1 issues.

这位发件人似乎不是想感染德佩特里斯的电脑并窃取重要信息,而是试图了解他对朝鲜安全问题的看法。

Cybersecurity researchers told Reuters news agency2 the email is part of a new campaign by a suspected North Korean hacking3 group. They said the group is targeting leading experts in foreign countries to better understand Western policy on North Korea.

网络安全研究人员告诉路透社,这封电子邮件是一家疑似朝鲜黑客组织发起的新活动的一部分。他们表示,该组织的目标是外国权威专家,以便更好地了解西方对朝鲜的政策。

The emails seen by Reuters showed issues raised were China's reaction in the event of a new nuclear test and how to deal with North Korean "aggression4."

路透社看到的电子邮件显示,邮件中提出的问题包括中国对朝鲜新一轮核试验的反应,以及如何应对朝鲜的“挑衅”。

Researchers are calling the hacking group Thallium, or Kimsuky, among other names. The group has long used tricks in emails to gain information or send malware to targets' computers. Now, however, the group appears to simply ask experts to offer opinions or write reports.

研究人员将该组织称为Thallium,或是Kimsuky等名称。该组织长期以来一直使用电子邮件骗术获取信息,或是向目标计算机发送恶意软件。然而现在该组织似乎只是邀请专家提供意见或撰写报告。

James Elliott of the Microsoft Threat Intelligence Center (MSTIC) said the new method of cyberattack first appeared in January. He added that the attackers have a lot of success "with this very, very simple method."

微软威胁情报中心的詹姆斯·艾略特表示,这种新型网络攻击手法首次出现在1月份。他还表示,攻击者“利用这种非常非常简单的方法”取得了很大成功。

MSTIC said it had identified several experts on North Korea who have provided5 information to a Thallium attacker account. Elliott added that the attackers are "getting it directly from the expert."

微软威胁情报中心表示,他们已经发现了几名朝鲜问题专家向Thallium组织攻击者账户提供了信息。艾略特还表示,攻击者“直接从专家那里获得了信息。”

A 2020 report by U.S. government cybersecurity agencies6 said Thallium has been operating since 2012. And the group is most likely used by the North Korean government to gather intelligence.

美国政府网络安全机构在2020年的一份报告中表示,Thallium组织自2012年开始运营。该组织很可能被朝鲜政府用于收集情报。

Microsoft has found that Thallium has historically targeted government employees. Other targets include those that work in policy and education, and human rights.

微软发现,Thallium组织历来以政府雇员为目标。其它目标包括政策、教育和人权方面的从业者。

Email attacks

邮件攻击

Jenny Town of 38 North said that the attackers impersonated her email account using an address that ended in ".live" instead of her official account's ".org". In one email, the suspected attackers included her real email in the exchange.

“北纬38度”的唐恩表示,攻击者使用以“.live”结尾的地址来冒充她的电子邮件账户,而不是她官方账户的“.org”。在某封电子邮件中,疑似攻击者将她的真实电子邮件地址包含在邮件对话中。

DePetris said the emails he has received were written as if a researcher were asking for a paper submission7 or comments on a paper. He said the attackers also included organization logos to make them look real.

德佩特里斯表示,他收到的电子邮件就跟某位研究人员被约稿或是对文章发表评论一样。他说,袭击者还包含了各种组织标识,以使其看起来更真实。

In one email, which DePetris shared with Reuters, the attackers offered $300 for his comment on a paper about North Korea's nuclear program and suggestions for other possible experts. Elliot noted8 that the hackers9 never paid anyone for their research or answer.

在德佩特里斯分享给路透社的电子邮件中,袭击者出价300美元,要求他对一篇关于朝鲜核计划的文章发表评论,并向其它可能的专家提供建议。艾略特指出,黑客从未为他们的研究或答复支付任何费用。

Elliott of Microsoft said the method can be quicker than hacking someone's account and searching through their emails. He said it also goes around traditional technical security programs that would alert10 the message as having malware. And it permits spies direct access to the experts' thinking.

微软的艾略特表示,这种方法比侵入某人的账户并搜索他们的电子邮件更快。他说,它还绕过了传统的技术安全程序,这些程序会提醒消息存在恶意软件。它让间谍可以直接获得专家的想法。

"For us as defenders11, it's really, really hard to stop these emails," he said, adding that in most cases it comes down to the recipient12 being able to figure it out.

他说:“对于我们防御人员来说,阻止这些邮件真的非常非常困难。”他还表示,在大多数情况下,这取决于收件人是否能够搞清楚。


点击收听单词发音收听单词发音  

1 security iTdzh     
n.安全,安全感;防护措施;保证(金),抵押(品);债券,证券
参考例句:
  • A security guard brought him down with a flying tackle.一名保安人员飞身把他抱倒。
  • There was tight security at the airport when the President's plane landed.总统的专机降落时,机场的保安措施很严密。
2 agency iKcy0     
n.经办;代理;代理处
参考例句:
  • This disease is spread through the agency of insects.这种疾病是通过昆虫媒介传播的。
  • He spoke in the person of Xinhua News Agency.他代表新华社讲话。
3 hacking KrIzgm     
n.非法访问计算机系统和数据库的活动
参考例句:
  • The patient with emphysema is hacking all day. 这个肺气肿病人整天不断地干咳。
  • We undertook the task of hacking our way through the jungle. 我们负责在丛林中开路。
4 aggression WKjyF     
n.进攻,侵略,侵犯,侵害
参考例句:
  • So long as we are firmly united, we need fear no aggression.只要我们紧密地团结,就不必惧怕外来侵略。
  • Her view is that aggression is part of human nature.她认为攻击性是人类本性的一部份。
5 provided PkNzng     
conj.假如,若是;adj.预备好的,由...供给的
参考例句:
  • Provided it's fine we will have a pleasant holiday.如果天气良好,我们的假日将过得非常愉快。
  • I will come provided that it's not raining tomorrow.如果明天不下雨,我就来。
6 agencies 0e418dcec84ec1fd8f830787bb2c3325     
n.代理( agency的名词复数 );服务机构;(政府的)专门机构;代理(或经销)业务(或关系)
参考例句:
  • There are many specialized agencies in the United Nations. 联合国有许多专门机构。 来自《简明英汉词典》
  • The project is funded by the World Bank and other multilateral agencies. 这项计划由世界银行和其他多国机构资助。 来自《简明英汉词典》
7 submission lUVzr     
n.服从,投降;温顺,谦虚;提出
参考例句:
  • The defeated general showed his submission by giving up his sword.战败将军缴剑表示投降。
  • No enemy can frighten us into submission.任何敌人的恐吓都不能使我们屈服。
8 noted 5n4zXc     
adj.著名的,知名的
参考例句:
  • The local hotel is noted for its good table.当地的那家酒店以餐食精美而著称。
  • Jim is noted for arriving late for work.吉姆上班迟到出了名。
9 hackers dc5d6e5c0ffd6d1cd249286ced098382     
n.计算机迷( hacker的名词复数 );私自存取或篡改电脑资料者,电脑“黑客”
参考例句:
  • They think of viruses that infect an organization from the outside.They envision hackers breaking into their information vaults. 他们考虑来自外部的感染公司的病毒,他们设想黑客侵入到信息宝库中。 来自《简明英汉词典》
  • Arranging a meeting with the hackers took weeks againoff-again email exchanges. 通过几星期电子邮件往来安排见面,他们最终同意了。 来自互联网
10 alert KK8yV     
adj.机警的,活泼的,机灵的;vt.使...警觉
参考例句:
  • Drivers must be on the alert for traffic signals.驾驶员必须密切注意交通信号。
  • The rabbIt'seems to be very alert all its life.兔子似乎一生都小心翼翼,十分警觉。
11 defenders fe417584d64537baa7cd5e48222ccdf8     
n.防御者( defender的名词复数 );守卫者;保护者;辩护者
参考例句:
  • The defenders were outnumbered and had to give in. 抵抗者寡不敌众,只能投降。 来自《简明英汉词典》
  • After hard fighting,the defenders were still masters of the city. 守军经过奋战仍然控制着城市。 来自《简明英汉词典》
12 recipient QA8zF     
a.接受的,感受性强的 n.接受者,感受者,容器
参考例句:
  • Please check that you have a valid email certificate for each recipient. 请检查是否对每个接收者都有有效的电子邮件证书。
  • Colombia is the biggest U . S aid recipient in Latin America. 哥伦比亚是美国在拉丁美洲最大的援助对象。
本文本内容来源于互联网抓取和网友提交,仅供参考,部分栏目没有内容,如果您有更合适的内容,欢迎点击提交分享给大家。
------分隔线----------------------------
TAG标签:   VOA英语  慢速英语  新闻杂志
顶一下
(0)
0%
踩一下
(0)
0%
最新评论 查看所有评论
发表评论 查看所有评论
请自觉遵守互联网相关的政策法规,严禁发布色情、暴力、反动的言论。
评价:
表情:
验证码:
听力搜索
推荐频道
论坛新贴