US and South Korean security agencies have issued a joint warning regarding North Korea’s use of social engineering tactics in cyber-attacks.
The document was published on Thursday by the Federal Bureau of Investigation (FBI), the US Department of State, the National Security Agency (NSA), the Republic of Korea’s National Intelligence Service (NIS), the National Police Agency (NPA) and the Ministry of Foreign Affairs (MOFA).
It highlights the state-sponsored cyber actors’ efforts to exploit computer networks globally, explicitly targeting individuals working in research centers, think tanks, academic institutions and news media organizations.
The advisory identifies several North Korean cyber actors: Kimsuky, Thallium, APT43, Velvet Chollima and Black Banshee. These employ spear phishing campaigns, masquerading as journalists, academics or individuals with credible connections to North Korean policy circles.
By utilizing social engineering techniques, these actors aim to gain unauthorized access to their targets’ private documents, research and communications. This enables them to collect intelligence on geopolitical events, foreign policy strategies and diplomatic efforts, furthering North Korea’s interests.
“This warning from the US and South Korea highlights how cyber-criminals are utilizing spear phishing to steal credentials from people in a bid to gain highly sensitive intelligence,” commented Julia O’Toole, CEO of MyCena Security Solutions.
“Once the criminals have then secured these credentials, they can then log into the target’s work email accounts and steal military and aerospace intelligence that can be used to advance their own programs.”
The executive added that the connection between attacks is often overlooked, leading to their increased effectiveness. Many individuals are unaware that a seemingly harmless phishing email could ultimately aid North Korea in gathering intelligence for its military program. However, such coordinated attacks are prevalent in today’s cyber landscape.
“These spear-phishing attacks aim at stealing users’ logins and passwords, so the best defense is to remove these from users’ knowledge,” O’Toole added.
“When organizations generate strong random independent passwords for each application and distribute them encrypted to their employees, the users can’t see, know, type or hand over their passwords in phishing or web spoofing scams. That makes employees invulnerable to spear-phishing attacks.”
The joint advisory encourages individuals who suspect they have been targeted to report the incidents to the appropriate authorities. Its publication follows closely on the heels of the US imposing sanctions on four entities and one individual engaged in covert methods of generating revenue and carrying out malicious cyber activities in support of the North Korean government.