Federal agencies have recently issued a cybersecurity alert, cautioning that hostile nations, which pose a significant national security risk to the United States, are providing support to hackers who are actively targeting American individuals and organizations.
The Federal Bureau of Investigation, U.S. Department of State, and National Security Agency have issued a joint cybersecurity advisory warning about the activities of Kimsuky, a military intelligence agency from North Korea. According to the advisory, Kimsuky is exploiting weaknesses in email systems to gain unauthorized access to private documents, research, and communications. Its aim is to gather intelligence on geopolitical events, adversary foreign policy strategies, and any information that could affect North Korean interests.
According to the warning, cyber actors from Kimsuky are using improperly configured DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) record policies to hide their social engineering attempts. These North Korean cyber actors are taking advantage of outdated email authentication methods to carry out spearphishing campaigns. They masquerade as trustworthy figures such as journalists, academics, or experts in East Asian affairs, who have credible connections to North Korean policy circles.
Kimsuky has been conducting extensive cyber campaigns since 2012. The group's main objective is to steal data and gather valuable geopolitical insight for the North Korean regime, which it pursues by targeting policy analysts and other experts. Once these individuals are compromised, the Kimsuky actors can craft more convincing and impactful spearphishing emails, which are then used against more sensitive and high-value targets.
According to the advisory, phishing is a deceptive practice that involves sending fake emails to trick the recipient into clicking on a link or opening an email. This allows hackers to gain unauthorized access to the target’s device and networks. To make their emails more convincing, hackers create fake personas and may use content from previously compromised email accounts. They also impersonate individuals from trusted organizations like think tanks and higher education institutions, even though the emails are not actually coming from those institutions. Once they have gained access, the hackers aim to steal personal data with the intention of exploiting their targets.
The warning includes examples of spearphishing emails and a list of indicators that may suggest the involvement of malicious North Korean cyber actors. It urges individuals who believe they have been targeted to file a report on www.ic3.gov. If anyone suspects they are a victim of suspicious activities, including potential North Korean cyber activities, they are advised to report them to their local FBI field offices. Additionally, companies and individuals are instructed to update their DMARC security policies according to the two configurations specified in the advisory.
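The advisory's point about "improperly configured" DMARC records, and its instruction to update DMARC policies, come down to what the `p=` tag in a domain's DMARC TXT record tells receiving mail servers to do with messages that fail authentication. The checker below is an added example written for this article, not code from the advisory or from the agencies that issued it; it parses a DMARC record, rates it, and rewrites a weak record into an enforcing one. The policy levels it uses (`none`, `quarantine`, `reject`, plus the `sp=` and `pct=` tags) are the standard DMARC tags from RFC 7489, and the sample records are constructed; the example does not reproduce the advisory's own two configurations, which the article does not quote.

```python
"""Rate a DMARC record's policy strength and produce a hardened version.

Added example (not from the advisory). DMARC tags per RFC 7489:
  p=none        monitor only: authentication failures are reported but still delivered
  p=quarantine  receivers should treat failing mail as suspicious (e.g. spam folder)
  p=reject      receivers should refuse failing mail outright
  sp=           policy for subdomains (defaults to p=)
  pct=          percentage of failing mail the policy applies to (defaults to 100)
"""
from typing import Dict, Optional, Tuple


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split 'v=DMARC1; p=none; rua=...' into a tag dictionary.

    Raises ValueError for records that are not valid DMARC records."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:  # tolerate a trailing semicolon
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record (missing v=DMARC1)")
    if "p" not in tags:
        raise ValueError("DMARC record is missing the required p= tag")
    return tags


def assess_dmarc(record: Optional[str]) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is 'missing', 'weak', 'partial' or 'enforcing'."""
    if record is None:
        return "missing", "no DMARC record published; receivers apply no policy to spoofed mail"
    try:
        tags = parse_dmarc(record)
    except ValueError as exc:
        return "weak", f"unparseable record gives receivers nothing to enforce: {exc}"
    policy = tags["p"].lower()
    if policy == "none":
        return "weak", "p=none only monitors; mail that fails authentication is still delivered"
    if policy not in ("quarantine", "reject"):
        return "weak", f"unknown policy value {policy!r}"
    pct_raw = tags.get("pct", "100")
    pct = int(pct_raw) if pct_raw.isdigit() else 100
    if pct < 100:
        return "partial", f"p={policy} but pct={pct} leaves {100 - pct}% of failing mail unenforced"
    subpolicy = tags.get("sp", policy).lower()
    if subpolicy == "none":
        return "partial", f"p={policy} but sp=none leaves subdomains unprotected"
    return "enforcing", f"p={policy} applied to 100% of failing mail; subdomains {subpolicy}"


def harden_dmarc(record: str, policy: str = "quarantine") -> str:
    """Rewrite a record so p= and sp= enforce `policy` on 100% of failing mail.

    Reporting and alignment tags (rua, ruf, adkim, aspf, ...) are preserved."""
    if policy not in ("quarantine", "reject"):
        raise ValueError("hardened policy must be quarantine or reject")
    tags = parse_dmarc(record)
    tags["p"] = policy
    tags["sp"] = policy
    tags["pct"] = "100"
    fixed = ["v", "p", "sp", "pct"]  # v= must come first per RFC 7489
    ordered = fixed + [k for k in tags if k not in fixed]
    return "; ".join(f"{k}={tags[k]}" for k in ordered)


if __name__ == "__main__":
    # Constructed sample records for the domain "example.com" (placeholder, not a real lookup).
    samples = {
        "no record": None,
        "monitor only": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
        "half enforced": "v=DMARC1; p=reject; pct=50; rua=mailto:dmarc@example.com",
        "subdomains open": "v=DMARC1; p=quarantine; sp=none",
        "enforcing": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    }
    for label, rec in samples.items():
        verdict, reason = assess_dmarc(rec)
        print(f"{label:16} {verdict:9} {reason}")
        if rec is not None and verdict != "enforcing":
            print(f"{'':16} suggested: {harden_dmarc(rec)}")
```

In practice the record string comes from a DNS TXT query for `_dmarc.<domain>`; the functions above deliberately take the string directly so they run offline. A `p=none` record is what lets a spoofed "From" address that fails SPF and DKIM alignment still land in the inbox, which is why a monitor-only policy is listed here as weak rather than merely incomplete.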
FBI Director Christopher Wray recently issued a warning about the increasing complexity and sophistication of national security threats in the United States. He emphasized that hostile nation-states are becoming more aggressive in their attempts to steal sensitive information and innovations, target critical infrastructure, and even export their repressive tactics to American soil.
According to the statement, only Iran and North Korea have carried out a destructive cyberattack within the United States.
The authorities have issued warnings about cyberattacks that aim to disable water and wastewater systems across the country. These attacks are reportedly carried out by hackers supported by the governments of Iran, China, and Russia.
According to a report by The Center Square, water and wastewater systems in rural communities in Texas were recently targeted by Russian hackers. This incident has led to a state legislative investigation.
A recent report by the Congressional Research Service reveals that federal agencies have identified actors linked to Russia, China, Iran, and North Korea as responsible for 30% of cyberattack campaigns across the country. Additionally, 30% of these campaigns have been attributed to criminal actors driven by financial motives.
According to the report, different countries have used distinct tactics to target specific industries and sectors for espionage and theft. North Korean actors, for example, have focused on companies using blockchain technologies. Russian actors have targeted defense contractors to gain access to weapons and vehicle research and to spy on communications. Iranian actors have engaged in espionage and data theft against private sector organizations and the telecommunications, defense, and energy sectors. Lastly, Chinese actors have targeted multiple companies and academic institutions with the intention of stealing intellectual property and personal information.