Kim Jong-un reads your mail: the NSA uncovered a new digital attack on North Korea

Social engineering is coming to the fore, and vulnerable DMARC policies only play into the hands of cybercriminals.

A joint statement issued by the National Security Agency (NSA), the Federal Bureau of Investigation (FBI) and the US State Department warns of a new cyber threat from North Korea. Experts have found that North Korean hackers send emails to various American organizations while posing as legitimate companies and individuals, which increases the risk of illegal access to the targets' private documents and communications.

It is noted that the attackers exploit vulnerabilities in DMARC (Domain-based Message Authentication, Reporting, and Conformance) policy settings, which allows them to hide social engineering attempts in email correspondence. This technique is actively used to gather intelligence, including information about geopolitical events and the foreign policy of opponents.

The detected activity is attributed to the North Korean group Kimsuky (also known as APT43, Black Banshee, Emerald Sleet, Springtail, TA427 and Velvet Chollima), which experts associate with the Main Intelligence Directorate of the DPRK and consider related to the well-known Lazarus group.

According to Proofpoint, Kimsuky began using this method of attack in December last year, targeting experts in the field of foreign policy, nuclear disarmament and sanctions. The hackers usually conduct long-term correspondence with their targets, building trust and using various pseudonyms that mimic experts from academia, journalism, and independent research.

As noted, methods such as malware or credential harvesting were rarely used in this operation, since most of the valuable information was extracted by the hackers in the course of ordinary confidential correspondence.

In one of the cases raised by the US authorities, a hacker posed as a legitimate journalist, requesting an interview with an unidentified expert on North Korea's nuclear weapons and offering to use an allegedly personal email address, which turned out to be fake.

In order to increase security, US organizations at risk were advised to update their DMARC policies so that email servers would treat any suspicious messages as spam, and additionally report such phishing incidents.
 