Suspected North Korean Cyber Espionage Campaign Targets Multiple Foreign Ministries and Think Tanks
August 20, 2019 - Anomali Threat Research
Revised on August 22, 2019

Anomali researchers recently observed a site masquerading as a login page for a diplomatic portal linked to the French government. Further analysis of the threat actor's infrastructure uncovered a broader phishing campaign targeting three different countries' Ministry of Foreign Affairs agencies. Also targeted were four research-oriented organisations including: Stanford University, the Royal United Services Institute (RUSI), a United Kingdom-based think tank, Congressional Research Service (CRS), a United States-based think tank, and five different email service providers. There is an overlap of infrastructure with known North Korean actors, including the same domain and shared hosting provider. Because of the links between one of the victims and their work on North Korean sanctions, we expect to see malicious actors continue to target the international staff involved in a similar official capacity.

Prior to …