Security News > 2024 > May > NSA warns of North Korean hackers exploiting weak DMARC email policies
The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance policies to mask spearphishing attacks.
Together with the U.S. State Department, the two agencies cautioned that the attackers abuse misconfigured DMARC policies to send spoofed emails which appear to come from credible sources such as journalists, academics, and other experts in East Asian affairs.
"Kimsuky actors' primary mission is to provide stolen data and valuable geopolitical insight to the North Korean regime by compromising policy analysts and other experts," the agencies added in a joint advisory [PDF] published this week.
In these attacks, they exploit missing DMARC policies or DMARC policies with "p=none" configurations, which tell the receiving email server to take no action on messages that fail DMARC checks.
The first instructs email servers to quarantine emails that fail DMARC and tag them as potential spam, while the second tells them to block all emails that fail DMARC checks.
"In addition to setting the 'p' field in DMARC policy, the authoring agencies recommend organizations set other DMARC policy fields, such as 'rua' to receive aggregate reports about the DMARC results for email messages purportedly from the organization's domain," the agencies added.
News URL
Related news
- U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Hackers exploit Roundcube webmail flaw to steal email, credentials (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- North Korean hackers create Flutter apps to bypass macOS security (source)