The AZB More Than Just News

North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academia, and Media

News Desk
June 8, 2023
SUMMARY

The Federal Bureau of Investigation (FBI), the U.S. Department of State, and the National Security Agency (NSA), together with the Republic of Korea’s National Intelligence Service (NIS), National Police Agency (NPA), and Ministry of Foreign Affairs (MOFA), are jointly issuing this advisory to highlight the use of social engineering by the Democratic People’s Republic of Korea (DPRK a.k.a. North Korea) state-sponsored cyber actors to enable computer network exploitation (CNE) globally against individuals employed by research centers and think tanks, academic institutions, and news media organizations. These North Korean cyber actors are known to conduct spear phishing campaigns posing as real journalists, academics, or other individuals with credible links to North Korean policy circles. The DPRK employs social engineering to collect intelligence on geopolitical events, foreign policy strategies, and diplomatic efforts affecting its interests by gaining illicit access to private documents, research, and communications of their targets.

BACKGROUND


North Korea’s cyber program provides the regime with broad intelligence collection and espionage capabilities. The Governments of the United States and the Republic of Korea (ROK a.k.a. South Korea) have observed sustained information-gathering efforts originating from these North Korean cyber actors. North Korea’s primary military intelligence organization, the Reconnaissance General Bureau (RGB), which has been sanctioned by the United Nations Security Council, is primarily responsible for this network of actors and activities.

We assess that the primary goals of the DPRK regime’s cyber program include maintaining consistent access to current intelligence about the United States, South Korea, and other countries of interest to impede any political, military, or economic threat to the regime’s security and stability.

Currently, the U.S. and ROK Governments, and private sector cyber security companies, track a specific set of DPRK cyber actors conducting these large-scale social engineering campaigns as Kimsuky, Thallium, APT43, Velvet Chollima, and Black Banshee. Kimsuky is administratively subordinate to an element within North Korea’s RGB and has conducted broad cyber campaigns in support of RGB objectives since at least 2012. Kimsuky actors’ primary mission is to provide stolen data and valuable geopolitical insight to the North Korean regime.

Disclaimer: This document is marked TLP:CLEAR. Disclosure is not limited. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, by applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be distributed without restriction. For more information on the Traffic Light Protocol, see https://www.cisa.gov/tlp.

Some targeted entities may discount the threat posed by these social engineering campaigns, either because they do not perceive their research and communications as sensitive, or because they are not aware of how these efforts fuel the regime’s broader cyberespionage efforts. However, as outlined in this advisory, North Korea relies heavily on intelligence gained by compromising policy analysts. Further, successful compromises enable Kimsuky actors to craft more credible and effective spearphishing emails that can be leveraged against more sensitive, higher-value targets. The authoring agencies believe that raising awareness of some of these campaigns and employing basic cyber security practices may frustrate the effectiveness of Kimsuky’s spearphishing operations. This advisory provides detailed information on how Kimsuky actors operate; red flags to consider as you encounter common themes and campaigns; and general mitigation measures for entities worldwide to implement to better protect against Kimsuky’s CNE operations.

If you believe you have been targeted in one of these spearphishing campaigns, whether or not it resulted in a compromise (particularly if you are a member of one of the targeted sectors), please file a report with www.ic3.gov and reference #KimsukyCSA in the incident description.

Please include as much detail as you can about the incident, including the sender email address and the text of the email message, specifying any links/URLs/domains. Please specify whether you responded to the email, clicked on any links, or opened any attachments. Please retain the original email and attachments in case you are contacted by an investigator for further information.

Please visit www.ic3.gov and use #KimsukyCSA in your submission.

The U.S. Government also encourages victims to report suspicious activities, including any suspected DPRK cyber activities, to local FBI field offices.

For the ROK government, you can report suspicious activities to the National Intelligence Service (www.nis.go.kr, 111), the National Police Agency (ecrm.police.go.kr, 182), or the Korea Internet & Security Agency (boho.or.kr, 118).

KIMSUKY OPERATIONS: SOCIAL ENGINEERING

In a cybersecurity context, social engineering is a broad term referring to the use of deception to exploit human error and manipulate a target into unwittingly exposing confidential or sensitive information for fraudulent purposes. DPRK cyber actors employ social engineering techniques to enable much of Pyongyang’s malicious CNE. Among social engineering techniques, Kimsuky actors use spearphishing—or the use of fabricated emails and digital communications tailored to deceive a target—as one of their primary vectors for initiating a compromise and gaining access into a target’s devices and networks. For over a decade, Kimsuky actors have continued to refine their social engineering techniques and made their spearphishing efforts increasingly difficult to discern.

A Kimsuky spearphishing campaign begins with broad research and preparation. DPRK cyber actors often use open-source information to identify potential targets of value and then tailor their online personas to appear more realistic and appealing to their victims.

The Kimsuky actors will create email addresses that resemble email addresses of real individuals they seek to impersonate and generate domains that host the malicious content of a spearphishing message. DPRK actors often use domains that resemble common internet services and media sites to deceive a target.

For example, Kimsuky actors are known to impersonate well-known news outlets and journalists using a domain such as “@XYZkoreas.news” spoofing a real news station while actual emails from the news service appear as “@XYZnews.com.”
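
The lookalike-domain pattern described above can be checked mechanically on inbound mail. The following Python is an added example, not part of the advisory: it classifies a From: header against an allowlist of real correspondent domains. The allowlist, brand tokens, similarity threshold and sample headers are constructed assumptions built on the advisory's XYZ placeholder.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumed allowlist: real domains you correspond with, each with the brand
# tokens an impersonator would reuse (values mirror the XYZ placeholder).
TRUSTED = {"xyznews.com": ("xyz", "news")}
SIMILARITY_THRESHOLD = 0.8  # assumed cut-off for near-identical labels

# Constructed From: header values for illustration.
SAMPLE_HEADERS = [
    '"XYZ News Desk" <desk@xyznews.com>',
    "Jane Reporter <jane.reporter@xyzkoreas.news>",
    "editor@xyznewz.com",
    "Alice <alice@example.org>",
]

def sender_domain(from_header):
    """Return the lowercased domain of the address in a From: value, or ''."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def second_level_label(domain):
    # Naive: the label left of the TLD. Production code should consult the
    # Public Suffix List so that names like example.co.kr split correctly.
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else domain

def classify_sender(from_header):
    """Return (verdict, matched_trusted_domain) for one From: header value."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    for trusted in TRUSTED:
        if domain == trusted or domain.endswith("." + trusted):
            return ("trusted", trusted)
    for trusted, tokens in TRUSTED.items():
        a, b = second_level_label(domain), second_level_label(trusted)
        ratio = SequenceMatcher(None, a, b).ratio()
        # Near-identical label (typo or TLD swap), or every brand token reused
        # somewhere in the name (the "@XYZkoreas.news" pattern).
        if ratio >= SIMILARITY_THRESHOLD or all(t in domain for t in tokens):
            return ("lookalike", trusted)
    return ("unknown", None)

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(classify_sender(header), header)
```

The token rule can also match unrelated legitimate domains that happen to contain the same words, so a "lookalike" verdict is a prompt for manual review rather than a block decision.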

DPRK cyber actors commonly take on the identities of real people to gain trust and establish rapport in their digital communications. Kimsuky actors may have previously compromised the email accounts of the person whom they are impersonating. This allows the actors to search for targets while scanning through compromised emails, with a particular focus on work-related files and personal information about retirees, and social clubs.

By: Zahid H. Karani
