APT Group Kimsuky Targets University Researchers
Executive Summary
Kimsuky is a North Korean APT group tasked with global intelligence collection operations aligned with the North Korean government’s interests. The group has been active since at least 2012 and has a particular interest in South Korean think tanks and government entities; however, it also targets the United States, the United Kingdom, and other European countries. Kimsuky specializes in targeted phishing campaigns, leveraging malicious attachments in follow-on emails after establishing trust through email correspondence [1][2].
In the spring of 2024, the NSA and FBI released a joint cybersecurity advisory describing how the Democratic People’s Republic of Korea (DPRK, a.k.a. North Korea), and specifically Kimsuky, exploits improperly configured DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) record policies to conceal social engineering attempts [3]. The advisory characterized the DPRK’s tendency to pose as academics, journalists, or other East Asian experts for campaigns against South Korea, the United States, and Europe [2][3].
In late July …
IoC