Jenny Town is the director of Stimson’s 38 North Program and a leading expert on North Korea. She relies on open-source intelligence for her work, Town said on Monday. In order to paint a picture of the dynamics of North Korea, she uses publicly available data points.

My clearance isn’t up to date. According to Town, he does not have access to classified information.

North Korea’s intelligence services codenamed APT43, or KimSuky, was after more than classified information.

A popular remote-desktop tool called TeamViewer was used by the hackers to gain access to her computer and run scripts on it. She then turned on her webcam, presumably to see if she had returned to her computer. “Then they shut everything down,” Town told conference attendees at Google-owned cybersecurity company Mandiant’s mWISE conference.

Mandiant and Town believe the North Koreans were able to steal information about Town’s colleagues, field of study, and contact list. This information was used to create a digital doppelganger of Town: A North Korean sock puppet they could use to gather intelligence from miles away.

Town explained that every embassy in D.C. serves an intelligence purpose. The embassy will attempt to gauge what policy might be in the pipeline or how policymakers felt about a particular country or event by taking the pulse of the city.

However, North Korea has never had diplomatic relations with the United States. Public events can’t be stalked or think tanks can’t be networked with by its intelligence officers.

Researchers and academics have been targeted by the group behind Town’s clone, which is linked to cryptocurrency laundering operations and influence campaigns.