Facebook says it has discovered and banned some malicious accounts controlled by North Korean hackers in an attempt to build a relationship and eventually hack victims.
A spokesperson for the internet giant said on Tuesday that last week, along with Microsoft, Facebook “took joint action to disrupt the activities of a persistent, advanced threat group commonly referred to as ZINC, or the Lazarus Group.”
The so-called Lazarus Group is a hacking group that cybersecurity companies as well as intelligence agencies from the United States, the UK, and other countries believe works directly for the North Korean government. The Lazarus Group has been accused of being behind high profile hacks like the attack on Sony Pictures in 2014, a series of hacks on the financial system SWIFT, and the recent and destructive WannaCry ransomware epidemic.
“We deleted accounts operated by this group to make it harder for them to conduct their activities,” a Facebook spokesperson said in an email to Motherboard. “We also notified people who may have been in contact with these accounts and gave suggestions to enhance their account security, as we have done in the past about other threat groups. We will continue to work closely with companies to investigate and counteract these types of threats to our collective security.”
Microsoft also announced on Tuesday that it had disrupted North Korean hackers’ activities, by helping “disrupt the malware this group relies on, cleaned customers’ infected computers, disabled accounts being used to pursue cyberattacks and strengthened Windows defenses to prevent reinfection.”
The company's announcements came on the heels of the US government’s public accusation blaming the North Korean government for WannaCry. Earlier this year, hackers unleashed a disruptive worm called WannaCry, infecting and locking thousands of computers across the world in one of the worst ransomware epidemics in recent memory.