SoatDev IT Consulting
  • June 6, 2023
  • Rss Fetcher

Security researchers have warned that North Korean government-backed hackers are impersonating journalists to gather strategic intelligence to help guide the country’s decision making.

SentinelLabs researchers said on Tuesday that they had linked a social engineering campaign targeting experts in North Korean affairs to a North Korean advanced persistent threat (APT) group known as Kimsuky. The group, also known as APT43, Thallium, and Black Banshee, has been operating since at least 2012 and is known for using social engineering and targeted phishing emails to gather sensitive information on behalf of the North Korean regime.

Kimsuky’s latest social engineering campaign targeted subscribers of NK News, an American subscription-based website that provides stories and analysis about North Korea.

SentinelLabs observed Kimsuky impersonating Chad O’Carroll, the founder of NK News, to deliver a spoofed Google Docs web link to NK News subscribers, which redirected to a malicious website specifically crafted to capture a victim’s Google credentials. In some cases, the Kimsuky hackers also delivered a weaponized Microsoft Office document that executes the ReconShark malware, which is capable of exfiltrating information like what detection mechanisms are in use on a device and information about the device itself.

In another attack observed by SentinelLabs, Kimsuky distributed an email that asked subscribers to log in to a spoofed NK News subscription service. Gaining access to users’ NK News credentials would provide the North Korean hackers with “valuable insights into how the international community assesses and interprets developments related to North Korea, contributing to their broader strategic intelligence-gathering initiatives,” wrote Aleksandar Milenkoski, a senior threat researcher at SentinelLabs.

Kimsuky was also observed sending legitimate Google Docs links and Word documents that were free of malware in order to develop a rapport with their targets before initiating their malicious activities.

SentinelLabs’ analysis comes days after the U.S. and South Korean governments issued an advisory warning that Kimsuky had been carrying out targeted spearphishing attacks to funnel valuable geopolitical insights and other stolen data to the North Korean regime.

The joint advisory warned that the Kimsuky group was impersonating journalists, academics, think tank researchers and government officials to target individuals working on North Korean affairs.

“These cyber actors are strategically impersonating legitimate sources to collect intelligence on geopolitical events, foreign policy strategies, and security developments of interest to [North Korea] on the Korean Peninsula,” NSA cybersecurity director Rob Joyce said. “Education and awareness are the first line of defense against these social engineering attacks.”

At the time, South Korea’s Ministry of Foreign Affairs (MOFA) also imposed sanctions on the North Korean hacking group and identified two cryptocurrency addresses used by Kimsuky. The government also accused the group of being involved in a failed spy satellite launch last week.

North Korean hackers impersonated journalists to gather intel from academics and think tanks by Carly Page originally published on TechCrunch
