University Professors Targeted by North Korean Cyber Espionage Group

The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes.
Kimsuky, also known by the names APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet, Springtail, and Velvet Chollima, is just one of the myriad offensive cyber teams operating under the direction of the North Korean government and military.
It's also very active, often leveraging spear-phishing campaigns as a starting point to deliver an ever-expanding set of custom tools to conduct reconnaissance, pilfer data, and establish persistent remote access to infected hosts.
The access afforded by Green Dinosaur is then abused to upload pre-built phishing pages designed to mimic legitimate login portals for Naver and for universities such as Dongduk University, Korea University, and Yonsei University, with the goal of capturing victims' credentials.
"Additionally on Kimsuky's phishing sites, there is a non-target specific phishing toolkit to gather Naver accounts," Resilience researchers said.
The analysis has also shed light on a custom PHPMailer tool used by Kimsuky called SendMail, which is employed to send phishing emails to the targets using Gmail and Daum Mail accounts.
News URL
https://thehackernews.com/2024/08/university-professors-targeted-by-north.html