North Korea Hackers Linked to Breach of German Missile Manufacturer

September 30, 2024 at 01:45PM A professional hacking team affiliated with the North Korean government infiltrated the German company Diehl Defence, known for producing air defense systems and missiles, using phishing tactics to target employees. The group, attributed to the Kimsuky APT, employed booby-trapped files and mock job offers to carry out the attack. Kimsuky … Read more

N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks

September 26, 2024 at 08:54AM Threat actors linked to North Korea have introduced two new malware strains, named KLogEXE and FPSpy, as part of their cyber activity. These strains enhance the capabilities of the group known as Sparkling Pisces and are used for espionage and data collection. The targets have mainly been in South Korea … Read more

University Professors Targeted by North Korean Cyber Espionage Group

August 8, 2024 at 12:21PM Kimsuky, a North Korea-linked threat actor, has been identified in new cyber attacks targeting university staff for intelligence gathering. The attacks involve spear-phishing campaigns and use of a web shell to capture credentials and stage phishing pages. To combat this, users are advised to enable multi-factor authentication and scrutinize URLs … Read more

North Korean hackers exploit VPN update flaw to install malware

August 5, 2024 at 01:24PM The South Korean National Cyber Security Center (NCSC) warns that state-backed DPRK hackers exploited VPN software flaws to deploy malware and breach networks. The activity is connected to a nationwide industrial modernization project announced by Kim Jong-un. The threat groups implicated are Kimsuky and Andariel, targeting the same sector simultaneously. … Read more

North Korean Hackers Deploy New Golang Malware ‘Durian’ Against Crypto Firms

May 10, 2024 at 11:27AM North Korean threat actor Kimsuky deployed Golang-based malware Durian in targeted cyber attacks on South Korean cryptocurrency firms, per Kaspersky’s APT trends report. The attacks used legitimate South Korean software, establishing a connection to the attacker’s server to execute the infection. Kimsuky aims to steal data and geopolitical insight for … Read more

NSA warns of North Korean hackers exploiting weak DMARC email policies

May 3, 2024 at 03:24PM The NSA and FBI warned of APT43, a North Korea-linked hacking group exploiting weak DMARC policies to launch spearphishing attacks. The attacks aim to gather intelligence on geopolitical events and gain access to private documents and communications. To mitigate this, organizations are advised to update their DMARC policies to prevent … Read more

US Says North Korean Hackers Exploiting Weak DMARC SettingsĀ 

May 3, 2024 at 12:15PM The US government warns of North Korea-linked hacking group Kimsuky exploiting weak email DMARC settings to conceal spear phishing attacks. They collect intelligence on geopolitical events and maintain access to information affecting North Korean interests. Kimsuky has been engaging in cyber activities since 2012 and conducts well-researched spear phishing campaigns. … Read more

DPRK’s Kimsuky APT Abuses Weak DMARC Policies, Feds Warn

May 2, 2024 at 05:06PM North Korean hackers use weak DMARC configurations to impersonate organizations in phishing attacks against individuals targeted by the Kim Jong Un regime. FBI and NSA warn about APT Kimsuky’s exploiting of this vulnerability, posing significant risks. Proper DMARC, SPF, and DKIM configuration are crucial for preventing such cyber threats. Based … Read more

North Korea APT Slapped With Cyber Sanctions After Satellite Launch

December 1, 2023 at 04:08PM The US Treasury sanctioned North Korean cyberespionage group Kimsuky, hindering DPRK’s WMD program by disrupting revenue and intelligence gathering. Kimsuky, active since 2013, remains resilient despite sanctions from the US and allies. Greater awareness and cybersecurity are needed to combat North Korea’s cyber threats. Meeting Takeaways: 1. The US Department … Read more

U.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign Agents

December 1, 2023 at 03:48AM The U.S. Treasury sanctioned Kimsuky, a North Korea-linked cyber espionage group, and eight individuals for supporting DPRK’s WMD programs and evading sanctions. Kimsuky, active since 2012, targets governments and organizations mainly for intelligence relevant to North Korea’s interests and missile technology. **Takeaways from the Meeting:** 1. The U.S. Department of … Read more