US and South Korean Authorities Issue Warning About North Korean Hack Group Kimsuky
The FBI, the US State Department, the NSA, as well as the South Korean National Intelligence Service, the National Police Agency and the Ministry of Foreign Affairs of the country have issued a joint statement warning about the activity of the North Korean hack group Kimsuky (aka APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet, Thallium, Nickel Kimball and Velvet Chollima).
Kimsuky’s Targeted Organizations
Malefactors attack media organizations, analytical and research centers, and also scientific institutions, impersonating journalists and scientists.
“Some targeted organizations may not consider the threat posed by these social engineering campaigns, either by not considering their research and communications confidential, or by not knowing that these campaigns fuel cyber espionage in general,” the experts write. “However, North Korea relies heavily on intelligence gained from these phishing campaigns and successful compromises allow Kimsuky to create more reliable and effective spear-phishing emails that can then be used against more serious and important targets.”
Kimsuky’s Tactics
The warning states that Kimsuky carefully plan their phishing attacks by using email addresses that look like real people and creating compelling, realistic content to connect with their target.
Thus, in many cases, hackers have posed as journalists and writers who allegedly seek to better understand current political events on the Korean Peninsula, the North Korean weapons program, negotiations with the United States, China’s position, and much more.
Phishing emails are often disguised as invitations to interviews, surveys, or requests for reports or documents. The first emails usually don’t contain malware or any attachments at all, as their purpose is to win the victim’s trust, not a quick hack.
The FBI notes that, despite the best efforts of hackers, in letters in English, a characteristic structure can sometimes be traced, and they may also contain entire excerpts from the previous communication of the victim with legitimate contacts that were previously stolen. In addition, the addresses used to send phishing emails mimic the addresses of real people and organizations, but almost always contain subtle “typos”.
South Korea Imposes Sanctions on Kimsuky
It should be noted that last week South Korea imposed new sanctions on members of Kimsuky, as they are allegedly involved in the recent launch of a spy satellite by North Korea. The launch itself ended in failure, with the launch vehicle and payload falling into the sea.
According to a statement by the South Korean authorities, Kimsuky members directly or indirectly participated in the development of the satellite, “stealing advanced technologies from the field of weapons development, satellites and the space industry.”
The US and South Korea have issued a warning about the activity of the North Korean hack group Kimsuky. The joint statement was prepared by the FBI, the US State Department, the NSA, as well as the South Korean National Intelligence Service, the National Police Agency and the Ministry of Foreign Affairs of the country.
Kimsuky is a malicious group that targets media organizations, analytical and research centers, and scientific institutions, impersonating journalists and scientists. The warning states that Kimsuky carefully plan their phishing attacks by using email addresses that look like real people and creating compelling, realistic content to connect with their target.
The FBI notes that, despite the best efforts of hackers, in letters in English, a characteristic structure can sometimes be traced, and they may also contain entire excerpts from the previous communication of the victim with legitimate contacts that were previously stolen. In addition, the addresses used to send phishing emails mimic the addresses of real people and organizations, but almost always contain subtle “typos”.
Phishing emails are often disguised as invitations to interviews, surveys, or requests for reports or documents. The first emails usually don’t contain malware or any attachments at all, as their purpose is to win the victim’s trust, not a quick hack.
It should be noted that last week South Korea imposed new sanctions on members of Kimsuky, as they are allegedly involved in the recent launch of a spy satellite by North Korea. The launch itself ended in failure, with the launch vehicle and payload falling into the sea. According to a statement by the South Korean authorities, Kimsuky members directly or indirectly participated in the development of the satellite, “stealing advanced technologies from the field of weapons development, satellites and the space industry.”
The US and South Korean authorities have urged organizations to be aware of the threat posed by Kimsuky and to take measures to protect themselves from phishing attacks. Organizations should consider their research and communications confidential and be aware that these campaigns fuel cyber espionage in general. Organizations should also be aware of the tactics used by Kimsuky, such as using email addresses that look like real people and creating compelling, realistic content to connect with their target.
Organizations should also be aware of the signs of phishing emails, such as a characteristic structure in English letters, excerpts from the previous communication of the victim with legitimate contacts that were previously stolen, and addresses used to send phishing emails that mimic the addresses of real people and organizations, but almost always contain subtle “typos”.
In conclusion, the US and South Korean authorities have issued a warning about the activity of the North Korean hack group Kimsuky and urged organizations to be aware of the threat posed by them and to take measures to protect themselves from phishing attacks. South Korea has also imposed new sanctions on members of Kimsuky, as they are allegedly involved in the recent launch of a spy satellite by North Korea. Organizations should be aware of the tactics used by Kimsuky and the signs of phishing emails in order to protect themselves from these malicious attacks.