Today the Department of State, the Federal Bureau of Investigation, and the National Security Agency have issued a Cybersecurity Advisory alerting the public to a new strategy employed by the DPRK cyber group Kimsuky in their social engineering operations. According to an unnamed spokesperson for the agencies, the DPRK is utilizing improperly configured DNS DMARC record policies to enhance their spearphishing attempts.
The Cybersecurity Advisory highlights that Kimsuky, a cyber group within the DPRK's military intelligence organization, the Reconnaissance General Bureau, is engaging in large-scale social engineering campaigns to manipulate and compromise victims for intelligence gathering purposes. The spokesperson emphasized the importance of understanding how Kimsuky actors operate, recognizing warning signs of spearphishing campaigns, and implementing mitigation measures to strengthen network security and DMARC policies against Kimsuky operations.
In conclusion, the advisory recommends that individuals who suspect they have been targeted by a Kimsuky spearphishing campaign should report the incident to www.ic3.gov and reference #KimsukyCSA in the description, as stated by an unidentified spokesperson for the Cybersecurity Advisory.
