U.S. releases new cybersecurity advisory against N.K.-linked cyber incursion group

By Song Sang-ho

WASHINGTON, May 2 (Yonhap) — The United States issued a cybersecurity advisory against a North Korea-linked cyber incursion group Thursday, accusing its actors of using malicious emails to glean intelligence for Pyongyang to inform its foreign policy and advance its national interests.

The Federal Bureau of Investigation, the State Department and the National Security Agency released the advisory to raise awareness about cyberactivities by Kimsuky, whose actors engage in “spearphishing,” an online attack targeting specific individuals and entities to gain sensitive information.

Kimsuky actors have conducted spearphishing campaigns posing as legitimate journalists, academics or other experts in East Asian affairs to collect intelligence on geopolitical events, adversary foreign policy strategies and other topics, according to the advisory.

The three organizations underscored attempts by these cyber actors to exploit improperly configured domain-based message authentication, reporting and conformance (DMARC) record policies to conceal their ill-intended attempts.

DMARC is an email security protocol that authenticates whether an email message, seemingly sent from an organization’s domain, was legitimately sent from that organization’s domain.

“Without properly configured DMARC policies, malicious cyber actors are able to send spoofed emails as if they came from a legitimate domain’s email exchange,” they warned in the advisory.

When an organization securely configures a DMARC policy, it helps ensure that malicious actors are unable to spoof the organization’s legitimate email domain when sending spearphishing messages to a target, they stressed.

In a virtual press briefing, a senior administration official said the U.S. has been keeping close tabs on North Korea’s illicit cyberactivities.

“The bottom line is that I think we have seen the DPRK government really leaned into its cyberattacks and its cybercrime over the past couple of years, and this is just one element of it,” he told reporters.

“The attacks are very sophisticated and becoming more so. It’s something that we are monitoring very closely.”

The U.S. has sanctioned Kimsuky for gathering intelligence to support the North’s strategic objectives. The group is subordinate to the U.N.- and U.S.-designated Reconnaissance General Bureau, a key North Korean intelligence service.