TLDR:
- The US government warns of North Korean threat actors exploiting weak email DMARC settings for spear phishing attacks.
- The threat actor known as Kimsuky is using spoofed emails to collect intelligence on geopolitical events.
The US government has issued an alert highlighting how a North Korea-linked hacking group known as Kimsuky is taking advantage of weak email Domain-based Message Authentication, Reporting and Conformance (DMARC) settings to carry out spear-phishing attacks. By spoofing email messages and masquerading as academics and experts in Eastern Asian affairs, Kimsuky aims to gather intelligence on geopolitical events and foreign policy strategies affecting North Korean interests. The hacking group, sanctioned by the US, has been engaged in cyber activities since 2012, conducting well-researched spear phishing campaigns using content from compromised email accounts. The alert advises individuals to be cautious of suspicious links and attachments, incorrect grammar in emails, and requests to enable macros. The US government has also provided mitigations that organizations can implement to prevent the successful delivery of spoofed emails to their targets.