Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

N. Korean Hackers: Impersonating Journalists

June 5, 2023
Reading Time: 2 mins read
in Alerts

The North Korean state-sponsored hacker group known as Kimsuky (APT43) has been conducting spear-phishing campaigns by impersonating journalists and academics to gather intelligence from various organizations, including think tanks, research centers, academic institutions, and media outlets.

Multiple government agencies from the U.S. and South Korea have issued a joint advisory after tracking the group’s activities and analyzing their recent campaigns. Kimsuky, also known as Thallium and Velvet Chollima, has been engaged in large-scale espionage campaigns since at least 2012 to support North Korea’s intelligence goals.

The advisory highlights the tendency of targeted entities to underestimate the threat posed by these social engineering campaigns, either due to the perception of their research and communications as non-sensitive or a lack of awareness of the broader cyber espionage efforts of the regime.

North Korea heavily relies on the intelligence gained by compromising policy analysts, and successful compromises allow Kimsuky actors to craft more credible and effective spear-phishing emails to target more sensitive and higher-value individuals or organizations.

Kimsuky hackers employ sophisticated techniques in their spear-phishing attacks, using email addresses that closely resemble those of real individuals and creating convincing content tailored to their targets.

Over the years, they have continuously refined their social engineering tactics, making their efforts increasingly difficult to detect. Their impersonation as journalists and writers revolves around inquiring about current political events in the Korean peninsula, the North Korean weapons program, U.S. talks, China’s stance, and other relevant topics. The initial emails sent by Kimsuky are typically free of malware or attachments, aiming to establish trust with the targets.

To mitigate the threat posed by Kimsuky, the advisory recommends implementing strong passwords and enabling multi-factor authentication (MFA) to protect accounts. Users are advised to exercise caution when handling emails from unknown individuals, avoiding the enabling of macros and scrutinizing documents from cloud hosting services, as legitimacy does not guarantee safety.

Verifying contact information through official websites and conducting preliminary video calls are suggested as effective strategies to verify the legitimacy of communication and avoid potential impersonation attempts.

Overall, the joint advisory serves as a comprehensive warning about the activities of the Kimsuky hacker group and provides actionable measures to protect against their spear-phishing campaigns.

Heightened awareness, strong security practices, and diligent verification can help organizations and individuals safeguard their sensitive information from these state-sponsored cyber threats.

Reference:
  • North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academia, and Media

Tags: APT43Cyber AlertCyber Alerts 2023espionageJune 2023kimsukyNorth KoreaPhishingUSA
ADVERTISEMENT

Related Posts

New Linux Flaws Allow Easy Root Access

New Linux Flaws Allow Easy Root Access

June 18, 2025
New Linux Flaws Allow Easy Root Access

Langflow Flaw Delivers Flodrix DDoS Botnet

June 18, 2025
New Linux Flaws Allow Easy Root Access

Google Fixes GerriScary Supply Chain Flaw

June 18, 2025
Water Curse Group Hits Developers Via GitHub

Water Curse Group Hits Developers Via GitHub

June 17, 2025
Water Curse Group Hits Developers Via GitHub

XDSpy Exploits Windows LNK Zero Day

June 17, 2025
Water Curse Group Hits Developers Via GitHub

CISA Warns Of Apple Zero Click Exploit

June 17, 2025

Latest Alerts

New Linux Flaws Allow Easy Root Access

Google Fixes GerriScary Supply Chain Flaw

Langflow Flaw Delivers Flodrix DDoS Botnet

Water Curse Group Hits Developers Via GitHub

XDSpy Exploits Windows LNK Zero Day

CISA Warns Of Apple Zero Click Exploit

Subscribe to our newsletter

    Latest Incidents

    Scania Insurance Data Stolen In Partner Hack

    Pro Israel Group Claims $81M Nobitex Hack

    Hacker Sells Data Of 1M Cock.li Users

    Zoomcar Data Breach Hits 8.4 Million Users

    Qilin Gang Leaks Asefa FC Barcelona Data

    Gunra Claims 45TB Hack On Colombia Justice

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial