
[ Intelligence ] (TLP: CLEAR) JCA – North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academia, and Media

TLP: CLEAR
Recipients can spread this to the world, there is no limit on disclosure. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction.
https://www.first.org/tlp/

Summary: The Federal Bureau of Investigation (FBI), the U.S. Department of State, and the National Security Agency (NSA), together with the Republic of Korea’s National Intelligence Service (NIS), National Police Agency (NPA), and Ministry of Foreign Affairs (MOFA), are jointly issuing this advisory to highlight the use of social engineering by the Democratic People’s Republic of Korea (DPRK a.k.a. North Korea) state-sponsored cyber actors to enable computer network exploitation (CNE) globally against individuals employed by research centers and think tanks, academic institutions, and news media organizations. These North Korean cyber actors are known to conduct spearphishing campaigns posing as real journalists, academics, or other individuals with credible links to North Korean policy circles. The DPRK employs social engineering to collect intelligence on geopolitical events, foreign policy strategies, and diplomatic efforts affecting its interests by gaining illicit access to the private documents, research, and communications of their targets.

Joint Cybersecurity Advisory: https://media.defense.gov/2023/Jun/01/2003234055/-1/-1/0/JOINT_CSA_DPRK_SOCIAL_ENGINEERING.PDF

NYSIC CAU Analyst Note: Campaigns involving Kimsuky spearphishing typically begin with broad research and preparation. The malicious actors use open-source information to identify potential targets and then tailor their online personas to appear more realistic and appealing to their victims. These actors also create email addresses that resemble those of real individuals or common internet services and media sites. The agencies that published this report believe that increasing awareness of some of these campaigns and basic cybersecurity literacy may reduce the effectiveness of Kimsuky’s spearphishing operations.

Author: FBI, NSA, U.S. DoS, ROK NIS, ROK NPA, ROK MOFA

This information has been forwarded by NYSIC to:
NYSIC CAU Contacts – CPWG
NYSIC CAU Contacts – OCT-CIP
NYSIC CAU Contacts – DHSES CIRT
NYSIC CAU Contacts – ITS EISO
NYSIC CAU Contacts – SLTT
NYSIC CAU Contacts – County Information Contacts
NYSIC CAU Contacts – Critical Infrastructure Partners: All

For more information, please contact the NYSIC Cyber Analysis Unit at (518) 786-2191 or CAU@nysic.ny.gov.
