U.S. Department of State

05/02/2024 | Press release

U.S. Government Cybersecurity Alert: Democratic People’s Republic of Korea (DPRK) Using New Tactic in Social Engineering Operations

Today the Department of State, the Federal Bureau of Investigation, and the National Security Agency are releasing a Cybersecurity Advisory on a new tactic the DPRK cyber group known as Kimsuky is deploying to enhance its social engineering and hacking efforts targeting think tanks, academic institutions, non-profit organizations, and members of the media. By exploiting improperly configured DNS Domain-based Message Authentication, Reporting, and Conformance (DMARC) record policies, the DPRK can spoof legitimate email sender domains and conceal spearphishing attempts more effectively.

Kimsuky, a group of cyber actors within the DPRK's military intelligence organization, the Reconnaissance General Bureau, conducts large-scale social engineering campaigns intended to manipulate and compromise victims for the purpose of intelligence gathering.

This joint Cybersecurity Advisory provides detailed information on how Kimsuky actors operate, warning signs of spearphishing campaigns, and mitigation measures to enhance network security and DMARC policies to protect against Kimsuky operations.

If you believe you've been targeted by a spearphishing campaign involving Kimsuky actors, please report the incident to www.ic3.gov and reference #KimsukyCSA in the description.