The North Korean APT group known as Kimsuky or Hidden Cobra has allegedly been actively attacking businesses while posing as reporters located in South Korea. The US Cybersecurity and Infrastructure Security Agency (CISA) posted an advisory warning businesses of the new ploy to gain access to US information. The group has been operating as a cyberespionage group since as early as 2012, focusing on global intelligence gathering.

Their campaigns typically start with spearphishing emails, torrent shares, malicious browser extensions, and watering hole attacks. This allows them to gain an initial foothold in victims’ networks before deploying malware or ransomware. The group has targeted high-level organizations, think tanks, diplomatic agencies, and other businesses in Japan, South Korea, and the US. In recent campaigns, the group, claiming to be a reporter, sent malicious attachments to targeted organizations. The malicious content, however, was sent after several exchanges with the victim, in an attempt to build trust.

