The United States and South Korean governments have issued a joint advisory [PDF] warning that North Korean threat actors are conducting a phishing campaign targeting individuals employed by research centers and think tanks, academic institutions, and news media organizations.
The threat actors, known as “Kimsuky,” are impersonating real people to establish trust with their targets, and eventually trick them into downloading malware. They also collect information by simply conversing with their victims.
The advisory stresses that organizations should not assume that they will not be targeted by these threat actors. “Some targeted entities may discount the threat posed by these social engineering campaigns, either because they do not perceive their research and communications as sensitive in nature, or because they are not aware of how these efforts fuel the regime’s broader cyber espionage efforts,” the agencies state.
The advisory recommends that organizations take the following steps to protect themselves from the Kimsuky threat:
- Implement strong security controls, such as multi-factor authentication and data encryption.
- Educate employees about social engineering attacks and how to identify and avoid them.
- Monitor for suspicious activity and report any suspicious emails or attachments to IT security staff.
By following these tips, organizations can help to protect themselves from phishing attacks.
Here are some additional tips for protecting your organization from phishing attacks:
- Be suspicious of any emails that you receive from unfamiliar senders, or that contain attachments or links that you are not expecting.
- Do not click on links or open attachments in emails unless you are sure that they are from a legitimate source.
- If you are unsure about an email, forward it to your IT security team for review.
- Keep your software up to date with the latest security patches.
- Use a strong password manager to create and store unique passwords for all of your online accounts.
- Be careful about what information you share online, especially on social media.
Here are some additional details about the Kimsuky threat actors:
- Believed to be based in North Korea.
- Have been active since at least 2012.
- Have targeted a wide range of organizations, including governments, businesses, and research institutions.
- Have been successful in stealing sensitive data from their targets.
Organizations that are targeted by the Kimsuky threat actors should take steps to protect themselves, such as implementing strong security controls and educating employees about social engineering attacks.