Beware: North Korean hackers exploit email security for phishing stunts

TLDR:

  • A North Korean hacking collective known as Kimsuky is using email security flaws to deploy phishing attacks against various organizations.
  • The group leverages poorly configured email security protocols to gain access to organizations’ email domains and masquerade as legitimate users.

In a recent advisory, U.S. agencies warned of Kimsuky’s enhanced phishing tactics, urging organizations to change email configurations to prevent malicious messages from reaching their inboxes. The phishing messages arrive as emails, with follow-up replies containing links and attachments used to extract sensitive data. The group, believed to be housed in North Korea’s military intelligence directorate, focuses on providing stolen data and geopolitical insights to the regime. The advisory recommends that organizations change their DMARC policies to prevent spoofing and phishing attempts.

The Kimsuky entity has been active since at least 2012, with North Korea deploying shadow operatives globally to carry out cyber campaigns that fund Pyongyang’s nuclear weapons program. The nation’s cyber forces continue to carry out cryptocurrency heists, launder stolen cryptocurrency, and maintain IT workers abroad to earn additional funds. Despite U.S. intelligence assessments, the group has been sanctioned by the Treasury Department for carrying out intelligence-gathering activities in support of North Korea’s national interests.
