Beware of North Korean Hackers, US Warns


US federal agencies have warned companies and government entities against a North Korean hacking group known as Kimsuky. The cybercrime clan has targeted organizations in the United States, South Korea, and Japan, to collect intelligence on various topics of interest to the North Korean regime, particularly nuclear policy and sanctions. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the US Cyber Command jointly released an advisory containing detailed information about Kimsuky’s activities, including tactics, procedures, and techniques.

The hacking group seems to focus its data-gathering activities on foreign policy and national security issues related to the Korean peninsula, the alert said. It has been active since 2012, with known attacks against think tanks, South Korean government entities, and “experts in various fields.” The American federal agencies also believe that the North Korean regime Kimsuky has most likely hired Kimsuky to carry out global intelligence-collection missions.

The North Korean cybercriminals use several methods to infiltrate systems and devices. Their most common techniques are spear-phishing and watering hole attacks. Phishing campaigns are carried out using emails containing malicious links, files, or documents. The attackers pose as legitimate organizations or employees and encourage you to click the infected link or attachment. Hackers send phishing scams to hundreds or thousands of victims. But in spear-phishing, they select individual targets. As for watering hole attacks, bad actors monitor which websites an organization or individual regularly visits and infects one or more with malware, hoping one of their targets falls victim.

Kimsuky uses other methods as well, like distributing malicious files across torrent services, advising victims to install harmful browser extensions, and using login-security-alert-themed emails. The North Korean attackers are taking advantage of the coronavirus pandemic, launching COVID-related spear-phishing campaigns to steal confidential information. The US authorities cautioned all individuals and private entities that fall within the group’s target scope to take preemptive measures and enhance their security systems. That includes safeguards against spear-phishing, use of multi-factor authentication, and user awareness training.”

Cybersecurity tools like VPNs prevent third parties from monitoring your online activities and data by encrypting your traffic. TheVPN.Guru offers thorough VPN reviews and how-to guides, as well as the latest news on Internet security and privacy.