Posted By AhnLab_en , June 8, 2023

Similar AhnLab Response Cases Regarding Korea-US Joint Cyber Security Advice

On June 2nd, the Korean NIS (National Intelligence Service), NPA (National Police Agency), and MOFA (Ministry of Foreign Affairs) released a joint security advisory regarding the spear phishing attacks of North Korea’s Kimsuky group with the US FBI (Federal Bureau of Investigation), DoS (Department of State), and NSA (National Security Agency). The government agencies stated that the act was done to raise awareness of members of global think tanks, academic institutions, and media companies on CNE (Computer Network Exploitation) using social engineering, adding that the group usually impersonates reporters, scholars, or individuals with connections to groups handling North Korea-related policies to launch spear phishing attacks by email.

Title: North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academia, and Media
Security Advisory: National Security Agency (NSA) Link

While the IOCs have not been released, AhnLab Security Emergency response Center (ASEC) had published articles in the past about social engineering methods employed by the Kimsuky hacking group similar to the published details.

[ASEC Blog URLs]

Uploaded Date	Post Title	Link
May 18, 2023	Kimsuky’s Attack Attempts Disguised as Press Releases of Various Topics	Link
May 16, 2023	Kimsuky Group’s Phishing Attacks Targeting North Korea-Related Personnel	Link
Mar. 23, 2023	Kimsuky Group Distributes Malware Disguised as Profile Template (GitHub)	Link
Mar. 8, 2023	CHM Malware Disguised as North Korea-related Questionnaire (Kimsuky)	Link
Nov. 16, 2022	Malicious Word Document Being Distributed in Disguise of a News Survey	Link
Aug. 19, 2022	Malicious Word Files Targeting Specific Individuals Related to North Korea	Link
July 26, 2022	Word File Provided as External Link When Replying to Attacker’s Email (Kimsuky)	Link
Apr. 27, 2022	Word Files Related to Diplomacy and National Defense Being Distributed	Link