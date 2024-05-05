The North Korea-linked hacking group tracked as Kimsuky has been exploiting weak email Domain-based Message Authentication, Reporting, and Conformance (DMARC) settings to conceal spear phishing attacks, the US government warns. Crafted DMARC policies have allowed Kimsuky to spoof email messages and pose as legitimate academics, journalists, and experts in Eastern Asian affairs. Spoofed emails are sent from an actor-controlled email address and domain, but the exploitation of improperly configured DMARC policies, which are meant to ensure that emails have been sent from an organization’s legitimate domain, help the adversary deceive their targets.

