Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Spear Phishing Campaign Targets North Korean Defectors

    Stu Sjouwerman | Nov 30, 2021

    Spear Phishing Campaign TargetA state-sponsored threat actor is sending spear phishing emails to North Korean defectors and also to journalists who cover matters related to North Korea, according to researchers at Kaspersky. The threat actor first messages the target via a hacked Facebook account belonging to one of the target’s acquaintances.

    “Before spear-phishing a potential victim and sending a malicious document, the actor contacted an acquaintance of the victim using the victim’s stolen Facebook account,” the researchers write. “The actor already knew that the potential target ran a business related to North Korea and asked about its current status. After a conversation on social media, the actor sent a spear-phishing email to the potential victim using a stolen email account. The actor leveraged their attacks using stolen login credentials, such as Facebook and personal email accounts, and thereby showed a high level of sophistication.”

    Next, the actor sends the victim an email with a malware-laden Microsoft Word document.

    “After a Facebook conversation, the potential target received a spear-phishing email from the actor,” Kaspersky says. “It contains a password-protected RAR archive with the password shown in the email body. The RAR file contains a malicious Word document.”

    The researchers also note that the threat actor also takes steps to bypass SMS-based two-factor authentication.

    “To sum up, the actor targeted victims with a probable spear-phishing attack for Windows systems and smishing for Android systems,” the researchers write. “The actor leverages Windows executable versions and PowerShell versions to control Windows systems. We may presume that if a victim’s host and mobile are infected at the same time, the malware operator is able to overcome two-factor authentication by stealing SMS messages from the mobile phone. After a backdoor operation with a fully featured backdoor, the operator is able to steal any information they are interested in. Using the stolen information, the actor further leverages their attacks.”

    New-school security awareness training can enable your employees to thwart targeted social engineering attacks.

    Kaspersky has the story.

    Topics: Phishing Spear Phishing

    Discover Your Organization’s Phish-prone™ Percentage

    Ninety-one percent of data breaches begin with spear phishing. Launch our Free Phishing Security Test for up to 100 users to uncover your team's vulnerability and see how your security posture stacks up against industry benchmarks.

    Get Your Free Phishing Security Test

    Secure the Digital Workforce: Human + AI

    KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the Founder and Executive Chairman of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog

    Posts By Topic

    View All