North Korean APT Group Uses Social Engineering Attacks to Gather Intelligence, Cybersecurity Experts Warn

Published by Shipra Sanganeria on June 08, 2024

A threat group aligned with North Korean interests has launched a malicious campaign aimed at delivering reconnaissance malware and stealing email and NK News subscriber credentials.

On June 7, SentinelOne’s cybersecurity researchers disclosed details of a Kimsuky campaign that specifically targets experts on North Korean affairs. “Based on the used malware, infrastructure, and tactics, we assess with high confidence that the campaign has been orchestrated by the Kimsuky threat actor,” noted the advisory. The disclosure comes in the wake of a joint warning released by US and South Korean intelligence agencies about Kimsuky’s use of exfiltration malware and spear-phishing tools to illicitly gather targets’ data and credentials.

To gather favorable strategic intelligence, the North Korean advanced persistent threat (APT) group has expanded its social engineering tactics to target think tanks, academia, and media experts in the US. Its sophisticated methods include spoofed URLs, extensive email correspondence, and the use of the reconnaissance malware ReconShark.

To establish trust and engage with the target, the threat actor impersonated Chad O’Carroll, founder of NK News. SentinelOne’s investigation also revealed the use of HTML-formatted phishing email containing spoofed URLs. The seemingly legitimate Google Doc URLs redirect the user to a malicious website, with the aim of capturing the target’s Google credentials.

Kimsuky was also seen sending emails with spoofed URLs that redirect the target to a fake NK News login site, allowing the group to steal user credentials for the NK News subscription service. The news site is known for its detailed reports and expert analysis on North Korea. Access to these reports helps the threat actor achieve its broader objective of strategic intelligence gathering.

A few months ago, German and South Korean intelligence agencies issued an advisory alerting Gmail and AOL users to Kimsuky’s malicious campaign to steal their credentials.

To mitigate the risk of similar attacks, experts recommend that users exercise caution and deploy effective security measures.
