North Korean Threat Actors Target Think Tanks, Academia, and Media with Phishing Campaign


The United States and South Korean governments have issued a joint advisory [PDF] warning that North Korean threat actors are conducting a phishing campaign targeting individuals employed by research centers and think tanks, academic institutions, and news media organizations.

The threat actors, known as “Kimsuky,” are impersonating real people to establish trust with their targets, and eventually trick them into downloading malware. They also collect information by simply conversing with their victims.

The advisory stresses that organizations should not assume that they will not be targeted by these threat actors. “Some targeted entities may discount the threat posed by these social engineering campaigns, either because they do not perceive their research and communications as sensitive in nature, or because they are not aware of how these efforts fuel the regime’s broader cyber espionage efforts,” the agencies state.

The advisory recommends that organizations take the following steps to protect themselves from the Kimsuky threat:

  • Implement strong security controls, such as multi-factor authentication and data encryption.
  • Educate employees about social engineering attacks and how to identify and avoid them.
  • Monitor for suspicious activity and report any suspicious emails or attachments to IT security staff.

By following these tips, organizations can help to protect themselves from phishing attacks.

Here are some additional tips for protecting your organization from phishing attacks:

  • Be suspicious of any emails that you receive from unfamiliar senders, or that contain attachments or links that you are not expecting.
  • Do not click on links or open attachments in emails unless you are sure that they are from a legitimate source.
  • If you are unsure about an email, forward it to your IT security team for review.
  • Keep your software up to date with the latest security patches.
  • Use a password manager to create and store strong, unique passwords for all of your online accounts.
  • Be careful about what information you share online, especially on social media.

Here are some additional details about the Kimsuky threat actors:

  • Believed to be based in North Korea.
  • Have been active since at least 2012.
  • Have targeted a wide range of organizations, including governments, businesses, and research institutions.
  • Have been successful in stealing sensitive data from their targets.

Organizations that are targeted by the Kimsuky threat actors should take steps to protect themselves, such as implementing strong security controls and educating employees about social engineering attacks.

