You might have been phished by the gang that stole North Korea’s lousy rocket tech
2023-06-02 05:15

The United States and the Republic of Korea have issued a joint cyber security advisory [PDF] about North Korea's "Kimsuky" cyber crime group.

In their joint advisory, US and South Korean authorities said Kimsuky targets "think tanks, academic institutions, and news outlets for the purpose of intelligence gathering." The South says the gang is also involved in stealing info used by the DPRK's satellite program.

Whatever the target, Kimsuky's preferred way to gain access is social engineering, especially spear phishing.

The document containing the questionnaire is clean, but the follow-up document that asks for bank account details often contains malicious macros that "quietly establish connections with Kimsuky command and control infrastructure, and result in the provision of access to the target's device."

Another Kimsuky tactic is creating "fake but realistic versions of actual websites, portals, or mobile applications" to have victims log on using their credentials for the real version of the site.

The joint advisory recommends paying attention to the descriptions of Kimsuky activity as outlined above, and in more depth in the document.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/06/02/us_south_korea_kimsuky_warning/