North Korea Refines Social Media Tactics for Targeting of Specific Sectors
Category: Threat Actor Activity | Industries: Education, Media, Think Tanks | Source: IC3
US and South Korean intelligence agencies issued a joint advisory warning the public of social engineering attacks by the North Korean state-sponsored threat group Kimsuky, which targets business entities associated with education, media, and think tanks. The advisory identifies information collection as the objective of the campaigns. "We assess the primary goals of the DPRK regime’s cyber program including maintaining consistent access to current intelligence about the United States, South Korea, and other countries of interest to impede any political, military, or economic threat to the regime’s security and stability," as stated in the advisory.
Spearphishing is the primary social engineering vector Kimsuky operators exploit. Over the years they have improved their impersonation attempts, studying their targets, using open-source information to develop a deep understanding of the users they impersonate, and closely spoofing domains to trick victims. Kimsuky impersonates established and trustworthy sources to lure victims "into unwittingly exposing confidential or sensitive information for fraudulent purposes." Each successful compromise enables Kimsuky to springboard and advance its operations against other high-priority targets. Whilst some of Kimsuky's tactics incorporate basic levels of social engineering, they are still effective as targets "do not perceive their research and communications as sensitive in nature, or because they are not aware of how these efforts fuel the regime’s broader cyber espionage efforts."