This report describes the techniques used by a North Korean cyber group called Kimsuky. Kimsuky is employed by the North Korean government with the goal of collecting information from countries around the world, including South Korea, Japan, and the United States. The group uses phishing attacks to plant malware in target networks, gains access through it, and then uses that access to steal information related to national security issues of the Korean peninsula, nuclear policies, and sanctions. It targets individuals who are experts in their field, as well as South Korean government networks. The report advises commercial sector businesses, and anyone else worried about their data privacy, to train users of their network to be aware of phishing attacks and to enable multi-factor authentication as a safeguard.
Author:
Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), U.S. Cyber Command Cyber National Mission Force (CNMF)