Kimsuky's Hack: Targeting North Korean Affairs for Intel

Diving into details

• Kimsuky operatives extensively communicate via email and employ deceptive URLs, counterfeit websites resembling legitimate platforms, and malware-infected Microsoft Office documents as weapons.
• Initially, the hackers send victims an email requesting their review of a draft article concerning North Korea's nuclear weapons. 
• If the victims respond, the hackers then provide them with a URL leading to a Google document. However, this document is a trap, directing the victims to a malicious website created to steal their Google login credentials.
• Additionally, the hackers were observed sending harmful Office documents containing the ReconShark malware. This malware is specifically designed to extract relevant victim information necessary for executing precise follow-up attacks, including deployed detection mechanisms and hardware details.

Why this matters

• Kimsuky's recent activities show an increased focus on establishing early communication and building trust with its targets before launching malicious operations, including malware distribution. 
• This approach emphasizes the group's dedication to fostering rapport with its victims, potentially enhancing the success of subsequent malicious activities.
• By specifically targeting prominent experts in North Korean affairs and stealing subscription credentials from reputable news outlets covering North Korea, Kimsuky displays a heightened interest in comprehending the international community's perception of North Korea's developments, particularly its military actions. 
• These actions likely contribute to its broader goal of gathering strategic intelligence and influencing North Korea's decision-making processes.

The bottom line