North Korean threat actors [1] [2] [3], specifically the Kimsuky group [1] [2] [3], are utilizing a vulnerability in DMARC email protection systems to carry out targeted spearphishing campaigns.
Description
By posing as experts in East Asian affairs, such as journalists and academics [1] [2] [5], the hackers are seeking to gather intelligence on geopolitical events and foreign policy strategies [2] [4], particularly in the US and South Korea [1] [2]. These campaigns involve creating fake personas with fake usernames and legitimate domain names to appear credible to targets [1]. Organizations are advised to update their DMARC policies to enhance protection against these attacks.
Conclusion
To mitigate the risks posed by the Kimsuky group, organizations should update their DMARC policies and educate potential targets on identifying suspicious indicators in phishing emails. The ongoing cyber espionage activities of North Korean hackers highlight the need for enhanced cybersecurity measures and vigilance in the face of evolving threats.
References
[1] https://www.infosecurity-magazine.com/news/north-korean-spoofing-journalist/
[2] https://ciso2ciso.com/north-korean-hackers-spoofing-journalist-emails-to-spy-on-policy-experts-source-www-infosecurity-magazine-com/
[3] https://cybermaterial.com/us-alerts-on-n-korean-email-spoofing-threat/
[4] https://www.upi.com/Top_News/World-News/2024/05/03/North-Korea-Kimsuky-US-cyber-advisory-hacking-email-DMARC/6701714726148/
[5] https://cyber.vumetric.com/security-news/2024/05/03/nsa-warns-of-north-korean-hackers-exploiting-weak-dmarc-email-policies/