North Korean hackers are spoofing journalists to gather intelligence

North Korea
(Image credit: Etereuti / Pixabay)

A joint cybersecurity advisory in the US has warned of North Korean state-sponsored cyber actors, who are said to be using social engineering to collect intelligence on geopolitical events, foreign policy strategies, and diplomatic efforts.

The warning comes from the Federal Bureau of Investigation (FBI), the US Department of State, the National Security Agency (NSA), the Republic of Korea’s National Intelligence Service (NIS), the National Police Agency (NPA), and the Ministry of Foreign Affairs (MOFA).

The alert, issued on 1 June 2023, describes cyber actors posing as journalists, academics, or other credible individuals, who are believed to be enabling computer network exploitation against individuals employed by research centers, think tanks, academic institutions, and news media organizations.

North Korean hacker attacks

In the report, the co-authors reveal sustained information-gathering efforts by North Korean cyber actors, observed by the governments of the US and South Korea.

It specifically calls out Kimsuky, which has been linked to North Korea’s Reconnaissance General Bureau (intelligence agency). The state-backed hacker group has been observed conducting “broad cyber campaigns in support of RGB objectives” for more than a decade.

Having used open-source information to identify targets, the co-authors explain how cyber actors “create email addresses that resemble email addresses of real individuals they seek to impersonate and generate domains that host the malicious content of a spearphishing message.”

Spoofed websites, portals, or mobile applications are also said to be employed for stealing credentials and other information that can be harvested by North Korean spies.

The FBI and its co-authors have issued a series of red flags, including innocuous-looking initial communications; legitimate content stolen from legitimate contacts; awkward structure and incorrect grammar; distinct Korean dialect; almost-believable email domains that are slightly different from a victim’s own, and other email spoofing. Malicious documents and persistent follow-ups are also features of the campaign.

Those who believe they could be at risk, including workers handling sensitive and government-linked information, are being urged to familiarize themselves with the full details of the potential scams by reading the full document.

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!