Cyber Security

U.S., South Korean agencies warn of state-sponsored spearphishing

The North Korea-affiliated group Kimsuky’s email attacks targeted research and media organizations.

A bilateral coalition of security agencies issued a new cybersecurity advisory on Friday morning, warning that North Korean state-sponsored actors pose a renewed threat of social engineering-based hacking.

Law enforcement agencies within the U.S. and South Korea — including the FBI, the U.S. Department of State, the Republic of Korea’s National Intelligence Service and the Ministry of Foreign Affairs — warned of the DPRK cyber group identified as Kimsuky targeting individuals employed by research centers and think tanks, academic institutions and news media organizations.

Kimsuky hackers aim to gather intelligence from these entities primarily through social engineering, which refers to using deception to manipulate and exploit human error. The advisory specifies that spear phishing is one of Kimsuky’s most common tactics, particularly in the form of malicious emails that lead to compromising network security.

“North Korea relies heavily on intelligence gained by compromising policy analysts,” the advisory reads. “For over a decade, Kimsuky actors have continued to refine their social engineering techniques and made their spearphishing efforts increasingly difficult to discern.”

One notable tactic Kimsuky uses is impersonating popular journalists and news outlets through mimicked email addresses. From there, malicious actors tend to send a link falsely claiming to be an article or news report, which contains password-protected documents that help hackers evade antivirus software.

The advisory provides specific templates Kimsuky has been known to use and recommends several cybersecurity practices to avoid a successful spearphishing attempt. These include limiting access over internal networks, assessing risks, ensuring proper device configuration and updating antivirus software.

This latest advisory follows escalating geopolitical tensions between the U.S. and North Korea, China and Russia, which have manifested in mounting incidents and industry concerns over state-sponsored cyberthreats.

Earlier in May, the Five Eyes — a security alliance consisting of the U.S., Australia, New Zealand, Canada and the United Kingdom — issued a similar advisory warning of Volt Typhoon’s hacking endeavors.

Volt Typhoon was found to have links to the government of China and targets critical infrastructure operations.

Source: https://www.nextgov.com/cybersecurity/2023/06/us-south-korean-agencies-warn-state-sponsored-spearphishing/387067/
