North Korea’s Cybersecurity Threats Exposed: Think Tanks, Academia, and News Media Sectors Targeted
Joint Effort to Combat Growing Cybersecurity Threats
The National Security Agency (NSA) has partnered with several organizations to expose the Democratic People’s Republic of Korea’s (DPRK) use of social engineering and malware to target think tanks, academia, and news media sectors.
Social Engineering Attacks Warned Against
According to NSA Director of Cybersecurity Rob Joyce, DPRK state-sponsored cyber actors have been impersonating trusted sources to collect sensitive information. “Education and awareness are the first line of defense against these social engineering attacks,” he warned.
Agencies Involved in the Effort
The agencies involved in this effort include:
- Federal Bureau of Investigation (FBI)
- U.S. Department of State
- Republic of Korea’s (ROK) National Intelligence Service, National Police Agency, and Ministry of Foreign Affairs
These entities have observed sustained information gathering efforts originating from a specific set of DPRK cyber actors known collectively as Kimsuky, THALLIUM, or VELVETCHOLLIMA.
How North Korea Relies on Intelligence Gained
The cybersecurity advisory details how North Korea relies heavily on intelligence gained from these spearphishing campaigns. Successful compromises of targeted individuals enable Kimsuky actors to craft more credible and effective spearphishing emails that can be leveraged against sensitive, high-value targets.
“These cyber actors are strategically impersonating legitimate sources to collect intelligence on geopolitical events, foreign policy strategies, and security developments of interest to the DPRK on the Korean Peninsula,” Joyce said.
The Role of Kimsuky
Kimsuky is administratively subordinate to an element within North Korea’s Reconnaissance General Bureau (RGB). The RGB is primarily responsible for this network of cyber actors and activities. Data stolen by Kimsuky is shared with other DPRK cyber actors in support of the RGB’s objectives.
How to Protect Against These Threats
To protect against these threats, NSA and its partners encourage individuals and U.S. entities to:
- Implement the mitigations listed in the cybersecurity advisory (CSA).
- Report spearphishing examples to www.ic3.gov with a reference to “#KimsukyCSA” in the incident description.
By being aware of these threats and taking proactive measures, we can better protect ourselves against North Korea’s cyber attacks.