
Kimsuky's Hack: Targeting North Korean Affairs for Intel

The North Korean hacker group Kimsuky is engaging in a campaign to gather intelligence by focusing on experts on North Korean affairs and the media. The attackers have gone so far as to steal subscription details from news outlets reporting on the country. SentinelOne recently released findings that align with a warning from the NSA, stating that Kimsuky is utilizing social engineering and malware to target think tanks, academic institutions, and the media.

Diving into details

The social engineering campaign primarily revolves around stealing email credentials, distributing malware to gather information, and pilfering subscription credentials from NK News.
  • Kimsuky operatives extensively communicate via email and employ deceptive URLs, counterfeit websites resembling legitimate platforms, and malware-infected Microsoft Office documents as weapons.
  • Initially, the hackers send victims an email requesting their review of a draft article concerning North Korea's nuclear weapons.
  • If the victims respond, the hackers then provide them with a URL leading to a Google document. However, this document is a trap, directing the victims to a malicious website created to steal their Google login credentials.
  • Additionally, the hackers were observed sending harmful Office documents containing the ReconShark malware. This malware is specifically designed to extract the victim information needed to tailor precise follow-up attacks, such as which detection mechanisms are deployed on the machine and its hardware details.

Why this matters

  • Kimsuky's recent activities show an increased focus on establishing early communication and building trust with its targets before launching malicious operations, including malware distribution.
  • This approach emphasizes the group's dedication to fostering rapport with its victims, potentially enhancing the success of subsequent malicious activities.
  • By specifically targeting prominent experts in North Korean affairs and stealing subscription credentials from reputable news outlets covering North Korea, Kimsuky displays a heightened interest in comprehending the international community's perception of North Korea's developments, particularly its military actions.
  • These actions likely contribute to its broader goal of gathering strategic intelligence and influencing North Korea's decision-making processes.

The bottom line

The findings emphasize Kimsuky's ongoing dedication to targeted social engineering attacks. They underscore the importance of heightened awareness and comprehension of Kimsuky's tactics among potential targets. Remaining vigilant and implementing robust security measures are crucial for mitigating the risks posed by this persistent threat actor.

Publisher: Cyware