U.S. Government Warns of North Korean Spear-Phishing Campaigns

North Korea Cyber AttackThe North Korean state-sponsored threat actor Kimsuky is launching spear phishing attacks against individuals working at think tanks and academic institutions in the US, according to a joint advisory from the US State Department, the FBI, and the NSA.

“North Korean cyber actors rely on social engineering techniques such as spearphishing—the use of fabricated emails tailored to deceive a target—as their primary vector for initiating a compromise and gaining access to a target’s device and networks,” the advisory says.

“Kimsuky spear phishing campaigns begin with broad research and preparation, including leveraging open source information to identify potential targets of value and then creating tailored online personas to appear more realistic and appealing to their targets. The cyber actors may also use content from emails of previously compromised email accounts to enhance the seeming authenticity of their spoofed emails.”

The agencies warn users to be on the lookout for the following red flags:

  • “Innocuous initial communication with no malicious links/attachments, followed by communications containing malicious links/documents, potentially from a different, seemingly legitimate, email address
  • Email content that may include real text of messages recovered from previous victim
  • engagement with other legitimate contacts
  • Emails in English that have awkward sentence structure and/or incorrect grammar
  • Emails or communications targeting victims with either direct or indirect knowledge of policy information, including U.S. and ROK government employees/officials working on North Korea, Asia, China, and/or Southeast Asia matters; U.S. and ROK government employees with high clearance levels; and members of the military
  • Email accounts that are spoofed with subtle incorrect misspellings of legitimate names and email addresses listed in a university directory or an official website
  • Malicious documents that require the user to click ‘Enable Macros’ to view the document
  • “Follow-up emails within 2-3 days of initial contact if the target does not respond to the initial spear phishing email"
  • Emails purporting to be from official sources but sent using unofficial email services, identifiable through the email header information being a slightly incorrect version of an organization’s domain”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Nextgov has the story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews