Kimsuky APT Linked to a New Attack Targeting South Korean Policy Experts

The South Korean National Police Agency has released details of a new phishing campaign that is believed to be the work of the Kimsuky APT group. The campaign was aimed at nearly 900 foreign policy experts in South Korea.

About the campaign

In the latest campaign, the attackers sent spear-phishing emails from multiple accounts impersonating different well-known authorities in South Korea.
  • These emails included a link to a fake website or an attachment that caused the download of malware. 
  • To avoid detection, the attackers used IP addresses from hacked servers. These included 326 servers across 26 countries, of which 87 belonged to organizations in Korea.
  • The police reported that the targeted individuals have backgrounds in diplomacy, defense, and security.

Another attack but similar tactics

Previously, the notorious Kimsuky group had impersonated researchers and think tanks to gather information and intelligence from sources. The campaign started in January, and in some cases the hackers kept targets engaged for months to gain all the relevant information.

What else?

  • The group was also associated with a cyberespionage campaign targeting Android devices in South Korea.
  • It had used three pieces of Android malware, dubbed FastFire, FastViewer, and FastSpy, that masqueraded as APKs for three utility tools to target users.

Final words

Police authorities highlight that activity by Kimsuky and other North Korean hackers continues to impact victims globally. As most of these attacks are launched via phishing emails, users and organizations are urged to secure their email accounts and other critical assets.
Cyware Publisher
