Tue. Dec 24th, 2024
Occasional Digest - a story for you

North Korean hackers are using a new tactic for email-based cyberattacks, a U.S. cybersecurity advisory warned. File Photo by Stephen Shaver/UPI
North Korean hackers are using a new tactic for email-based cyberattacks, a U.S. cybersecurity advisory warned. File Photo by Stephen Shaver/UPI | License Photo

SEOUL, May 3 (UPI) — North Korean hackers are exploiting an email security flaw in attacks used to gather sensitive intelligence and information, a new U.S. cybersecurity advisory warned.

The advisory, issued Thursday by the FBI, State Department and National Security Agency, said that members of the Pyongyang-backed hacking collective Kimsuky are sending spearphishing emails to individuals at think tanks, academic institutions and media organizations.

Spearphishing is a type of scam that targets specific individuals or groups with personalized information. In this case, the North Korean hackers appear to be legitimate journalists or scholars and are able to hide their identities through improperly configured DNS Domain-based Message Authentication, Reporting and Conformance, or DMARC, records on email systems.

“North Korea leverages these spearphishing campaigns to collect intelligence on geopolitical events, adversary foreign policy strategies, and any information affecting North Korean interests by gaining illicit access to targets’ private documents, research and communications,” the advisory said.

In one example, a hacker pretending to be a think tank staffer invited a U.S. government official to give a keynote address at a conference on North Korea. In another, a Kimsuky agent posed as a journalist seeking comment on geopolitical issues related to North Korea.

Red flags include awkward sentence structure or grammar and subtle incorrect spellings of legitimate names and email addresses, the advisory said.

Once the hackers establish engagement with a target, they may attempt to follow up with emails containing malicious links and attachments that will compromise the victim’s account or network.

Kimsuky is believed to operate under the North’s premier military intelligence organization, the Reconnaissance General Bureau. The hacker group is also known as Emerald Sleet, Thallium and Velvet Chollima by private-sector cybersecurity researchers.

“Kimsuky actors’ primary mission is to provide stolen data and valuable geopolitical insight to the North Korean regime by compromising policy analysts and other experts,” the advisory said. “Successful compromises further enable Kimsuky actors to craft more credible and effective spearphishing emails, which can then be leveraged against more sensitive, higher-value targets.”

Washington sanctioned Kimsuky in November, saying its cyber espionage campaigns directly support the North’s strategic and nuclear ambitions

North Korea has increasingly turned to hacking and cybertheft in recent years to raise funds for its illicit weapons programs.

Pyongyang funds 40% of its WMD program through “illicit cybermeans,” the U.N. Security Council’s Panel of Experts estimated in an annual report released in March. The Panel said that 58 suspected cyberattacks on cryptocurrency-related companies generated some $3 billion for the regime between 2017 and 2023.

Source link