The United States Department of State issued an alert last Thursday regarding the activity of the North Korean hacking group known as ‘Kimsuky’. This group is linked to the military intelligence of Pyongyang (North Korea) and has adopted a new tactic to improve its social engineering and hacking actions.
The alert highlights North Korea’s exploitation of misconfigured DNS domain-based message authentication, notification, and compliance logging policies.
This allows North Korea to spoof legitimate email sender domains to more effectively conceal’spear phishing’ attempts, a technique used that targets a specific individual or group of individuals within an organization and attempts to trick them into disclosing sensitive information, downloading malware, or unknowingly sending payments to the attacker.
The group’s modus operandi involves posing as journalists, academics, or experts related to East Asian affairs, and its main targets are think- tanks, academic institutions, media, and NGOs.
Its objective is to collect information that may affect the interests of North Korea by accessing private documents, investigations, and communications of its targets.
This is not the first time that Washington has warned about the activity of North Korean hacking groups. Their efforts to gather intelligence from both the United States and South Korea, as well as other countries they consider a political, military, or economic threat, have been reported on numerous occasions.
