On June 1, the FBI, the U.S. Department of State and the National Security Agency, together with the Republic of Korea’s (ROK) National Intelligence Service, National Police Agency and Ministry of Foreign Affairs, issued a joint advisory (the Joint Advisory) regarding the recent increased use of social engineering by the Democratic People’s Republic of Korea’s (DPRK or North Korea) state-sponsored cyber actors to gain access to the computer systems of individuals employed by research centers and think tanks, academic institutions, and news media organizations. These North Korean cyber actors are known to conduct spearphishing campaigns posing as real journalists, academics or other individuals with credible links to North Korean policy circles. The DPRK employs social engineering to collect intelligence on geopolitical events, foreign policy strategies and diplomatic efforts affecting its interests by gaining illicit access to the private documents, research and communications of their targets.
Background
The Joint Advisory explains that the U.S. government and others are tracking several groups of North Korean cyber actors working to obtain intelligence to provide to the North Korean government. The most prominent of these groups is called “Kimsuky,” which is known to be a state-backed cyber hacking group that targets think tanks, educational institutions and nuclear power plants. The Joint Advisory explains that North Korea relies heavily on intelligence gained by groups such as Kimsuky. Even if the information obtained does not have significant geopolitical value, the North Koreans utilize the information to craft more credible and effective spearphishing emails that can be leveraged against more sensitive, higher-value targets.
When North Korean cyber actors such as the Kimsuky group engage in spearphishing campaigns, they generally ..
Support the originator by clicking the read the rest link below.
