North Korean government hackers have been caught sending fake emails to try to trick people into giving up sensitive information. They are taking advantage of organizations that don’t have strong email security set up.
The FBI, NSA, and US State Department recently warned about a North Korean hacking group called Kimsuky. This group’s main goal is to gather intelligence that could threaten the North Korean regime by hacking into the accounts of experts, officials, and others with valuable information.
How Do They Do It?
Kimsuky, the North Korean hacking group, starts by researching potential targets online to learn about their interests and jobs. They then create fake identities pretending to be from trusted organizations like think tanks or universities. Using these fake personas, they send emails to targets trying to build a relationship.
The emails look really convincing at first, with no malicious links or attachments. But later on, they will send messages with malware designed to break into the target’s computer if opened. They might pretend to offer speaking fees or invite you to fake conferences to make their emails more tempting.
The sneaky part is that Kimsuky exploits weak DMARC configurations. DMARC is the email authentication policy organizations publish in DNS to prevent spoofing of their domains, but when the policy only monitors and never instructs receiving mail servers to reject or quarantine unauthenticated mail, Kimsuky can make their emails appear to be legitimately sent from real organizations’ domains, hiding their true malicious origin.
What to Watch Out For
- Emails with small spelling/grammar errors, but otherwise looking authentic
- Gradual ramp-up from innocent messages to requests to open attachments/links
- Topics related to North Korea, Asia policy, military/government intelligence
- Subtle misspellings of real organizations or people in the sender details
Staying Safe
Organizations should enable strict DMARC policies that reject or quarantine any unauthenticated emails claiming to be from their domains. Individuals should always be very cautious about unsolicited emails that ask you to open files or click links, even if they appear to come from trusted sources.
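To make the difference between a weak and a strict DMARC policy concrete, here is an added Python example (written for this page, not taken from the government advisory or from any vendor) that parses the DMARC TXT record a domain publishes at `_dmarc.<domain>` and flags the configurations that leave a domain spoofable: no record at all, a monitor-only `p=none`, or a policy applied to only a fraction of mail via `pct`. The domain names and records below are constructed samples, not real organizations.

```python
"""Assess DMARC TXT records for spoofing exposure (added example, constructed data)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample records, modelled on what a receiver finds at _dmarc.<domain>.
# None stands for a domain that publishes no DMARC record at all.
SAMPLE_RECORDS: Dict[str, Optional[str]] = {
    "weak.example": "v=DMARC1; p=none; rua=mailto:dmarc-reports@weak.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=25",
    "missing.example": None,
    "hardened.example": (
        "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; "
        "rua=mailto:dmarc-reports@hardened.example"
    ),
}

# Policies that actually stop or divert unauthenticated mail.
ENFORCING_POLICIES = ("quarantine", "reject")


@dataclass
class DmarcAssessment:
    domain: str
    policy: Optional[str]          # value of the p= tag, or None if absent
    pct: int                       # share of failing mail the policy applies to
    weak: bool                     # True if spoofed mail can still be delivered
    findings: List[str] = field(default_factory=list)


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split 'k=v; k=v' into a dict; tag names are case-insensitive."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" not in part:
            continue  # ignore empty segments and malformed fragments
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(domain: str, record: Optional[str]) -> DmarcAssessment:
    """Decide whether a domain's DMARC record would let spoofed mail through."""
    if record is None:
        return DmarcAssessment(domain, None, 0, True,
                               ["no DMARC record published; receivers apply no policy"])
    tags = parse_dmarc(record)
    findings: List[str] = []
    if tags.get("v", "").upper() != "DMARC1":
        findings.append("missing or invalid v=DMARC1 tag; receivers ignore the record")
    policy = tags.get("p", "").lower() or None
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100  # an unparsable pct is treated as the default of 100
    if policy not in ENFORCING_POLICIES:
        findings.append(f"p={policy or 'absent'}: monitoring only, spoofed mail is delivered")
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    weak = policy not in ENFORCING_POLICIES or pct < 100
    return DmarcAssessment(domain, policy, pct, weak, findings)


def recommended_record(report_address: str) -> str:
    """A strict record: reject failures on the domain and subdomains, strict alignment."""
    return f"v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:{report_address}"


def assess_all(records: Dict[str, Optional[str]]) -> Dict[str, DmarcAssessment]:
    return {domain: assess_dmarc(domain, rec) for domain, rec in records.items()}


if __name__ == "__main__":
    for result in assess_all(SAMPLE_RECORDS).values():
        status = "WEAK" if result.weak else "OK"
        print(f"{result.domain:20} {status:5} p={result.policy} pct={result.pct}")
        for finding in result.findings:
            print(f"    - {finding}")
    print("\nSuggested record:", recommended_record("dmarc-reports@your-domain.example"))
```

Only `hardened.example` passes; `weak.example` is exactly the monitor-only case the advisory describes, and `partial.example` shows that even a `quarantine` policy is hollow when `pct` leaves most failing mail untouched. To check a real domain, read its TXT record (for example `dig TXT _dmarc.example.com`) and pass the string to `assess_dmarc`; the module deliberately does no network lookups so it runs offline.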
If you are a US-based entity, let the authorities know right away if you encounter any suspicious Kimsuky activity. Together we can stop these North Korean hacking efforts.