Cyberattackers target experts in North Korea

June 20, 2023 - by TuxCare PR Team

According to SentinelLabs, a North Korean APT group known as Kimsuky is conducting a social engineering campaign against specialists in North Korean issues.

The attack starts with an email from a phony North Korean News account. The email asks the recipient to review a draft piece about North Korea’s nuclear danger. If the recipient clicks the link in the email, they are sent to a fake Google Docs page that requests their login information. Once entered, the credentials are transmitted to Kimsuky. Kimsuky then steals the news service’s important Google and subscriber credentials.

Kimsuky can then use the credentials to gain access to the victim’s email, social media, and other internet accounts. The group can also use the credentials to conduct further attacks, such as phishing campaigns or ransomware operations. Kimsuky’s main approach is to impersonate Chad O’Carroll, the founder of NK News and the associated holding company Korea Risk Group. The group set up an attacker-controlled domain, nknews[.]pro, that looks very similar to the official NK News domain, nknews.org.

According to the researchers, Kimsuky uses HTML-formatted spear-phishing emails to begin interacting with the victims. These emails, which impersonate NK News leadership, contain no malicious components and are intended to encourage further engagement without raising suspicion.

Once the target has engaged in the conversation, the APT group sends an email with a link to a Google document. If the recipient does not respond, the threat actors send a reminder email to prompt a response. The attackers alter the link's destination by changing the href HTML attribute so that it points to a website they control.

The sources for this piece include an article in SecurityAffairs.
