Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks

2023-06-08 04:23

The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware.

"Further, Kimsuky's objective extends to the theft of subscription credentials from NK News," cybersecurity firm SentinelOne said in a report shared with The Hacker News.

"To achieve this, the group distributes emails that lure targeted individuals to log in on the malicious website nknews[.]pro, which masquerades as the authentic NK News site. The login form that is presented to the target is designed to capture entered credentials."

NK News, established in 2011, is an American subscription-based news website that provides stories and analysis about North Korea.

The disclosure comes days after U.S. and South Korean intelligence agencies issued an alert warning of Kimsuky's use of social engineering tactics to strike think tanks, academia, and news media sectors.

Active since at least 2012, Kimsuky is known for its spear-phishing tactics and its attempts to establish trust and rapport with intended targets prior to delivering malware, a reconnaissance tool called ReconShark.

News URL

https://thehackernews.com/2023/06/kimsuky-targets-think-tanks-and-news.html

#attack #socialengineering