On June 2nd, the Korean NIS (National Intelligence Service), NPA (National Police Agency), and MOFA (Ministry of Foreign Affairs) released a joint security advisory regarding the spear phishing attacks of North Korea’s Kimsuky group with the US FBI (Federal Bureau of Investigation), DoS (Department of State), and NSA (National Security Agency). The government agencies stated that the act was done to raise awareness of members of global think tanks, academic institutions, and media companies on CNE (Computer Network Exploitation) using social engineering, adding that the group usually impersonates reporters, scholars, or individuals with connections to groups handling North Korea-related policies to launch spear phishing attacks by email.
- Title: North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academia, and Media
- Security Advisory: National Security Agency (NSA) Link
While the IOCs have not been released, AhnLab Security Emergency response Center (ASEC) had published articles in the past about social engineering methods employed by the Kimsuky hacking group similar to the published details.
[ASEC Blog URLs]
| Uploaded Date | Post Title | Link |
| May 18, 2023 | Kimsuky’s Attack Attempts Disguised as Press Releases of Various Topics | Link |
| May 16, 2023 | Kimsuky Group’s Phishing Attacks Targeting North Korea-Related Personnel | Link |
| Mar. 23, 2023 | Kimsuky Group Distributes Malware Disguised as Profile Template (GitHub) | Link |
| Mar. 8, 2023 | CHM Malware Disguised as North Korea-related Questionnaire (Kimsuky) | Link |
| Nov. 16, 2022 | Malicious Word Document Being Distributed in Disguise of a News Survey | Link |
| Aug. 19, 2022 | Malicious Word Files Targeting Specific Individuals Related to North Korea | Link |
| July 26, 2022 | Word File Provided as External Link When Replying to Attacker’s Email (Kimsuky) | Link |
| Apr. 27, 2022 | Word Files Related to Diplomacy and National Defense Being Distributed | Link |
Subscribe to AhnLab’s next-generation threat intelligence platform ‘AhnLab TIP’ to check related IOC and detailed analysis information.
The post Similar AhnLab Response Cases Regarding Korea-US Joint Cyber Security Advice appeared first on ASEC BLOG.
Article Link: Similar AhnLab Response Cases Regarding Korea-US Joint Cyber Security Advice - ASEC BLOG