Federal agencies have issued another cybersecurity alert warning that countries that pose national security threats to the U.S. are backing hackers who are targeting Americans.
In a joint federal cybersecurity advisory, the Federal Bureau of Investigation, U.S. Department of State, and National Security Agency warned that Kimsuky, a North Korean state-sponsored cyber actor group subordinate to the Reconnaissance General Bureau, the country's military intelligence agency, is abusing weakly configured email authentication to “collect intelligence on geopolitical events, adversary foreign policy strategies, and any information affecting North Korean interests by gaining illicit access to targets’ private documents, research, and communications.”
Kimsuky cyber actors are exploiting “improperly configured DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) record policies to conceal social engineering attempts,” the warning states. DMARC lets a domain owner publish, in DNS, what receiving mail servers should do with messages that claim to come from that domain but fail the SPF and DKIM checks. When the record is missing or set to the monitor-only policy (p=none), receiving servers deliver such messages anyway, so an attacker can place a legitimate organization's domain in the visible From: header of a message sent from their own infrastructure and still reach the target's inbox. North Korean cyber actors are using these weak policies to run “spearphishing campaigns posing as legitimate journalists, academics, or other experts in East Asian affairs with credible links to North Korean policy circles.”
Kimsuky has been conducting broad cyber campaigns since at least 2012. Its “primary mission is to provide stolen data and valuable geopolitical insight to the North Korean regime by compromising policy analysts and other experts. Successful compromises further enable Kimsuky actors to craft more credible and effective spearphishing emails, which can then be leveraged against more sensitive, higher-value targets.”
Spearphishing, as the advisory explains, uses fabricated emails crafted to get the target to click a link or open an attachment, which gives the attacker access to the target's device and network. The actors create tailored online personas to appear more realistic and may reuse content from previously compromised email accounts to make their messages more convincing. They also combine fake usernames with the legitimate domain names of trusted think tanks and higher education institutions, so the emails appear to come from those institutions even though they do not, the warning explains. Once they have access, the actors steal personal data that can be used against their targets or to build the next, more credible round of spearphishing.
The warning provides examples of spearphishing emails, a list of “red flags” that may indicate malicious North Korean cyber actors, and encourages anyone who believes they have been targeted to file a report with www.ic3.gov. Anyone who believes they are a victim of suspicious activity, including any suspected North Korean cyber activity, is instructed to report it to their local FBI field office. Companies and individuals are also instructed to update their DMARC policies to one of the two configurations identified in the advisory: a policy of quarantine (“v=DMARC1; p=quarantine;”), which sends mail that fails DMARC to the spam folder, or of reject (“v=DMARC1; p=reject;”), which blocks it outright. The advisory also recommends adding an rua address so the domain owner receives aggregate reports showing who is sending mail that fails DMARC.
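To make the DMARC point above concrete, here is an added example, not code from the advisory or from the agencies, that parses a domain's DMARC TXT record, works out what a receiving mail server would do with a spoofed message under that record, and flags the weak settings the advisory tells domain owners to fix. The domain names and records are constructed for the example; the disposition logic follows the DMARC specification (RFC 7489), in which a missing or p=none policy leaves a failing message deliverable.

```python
"""Added example: evaluate a domain's DMARC policy the way a receiving mail
server does, and flag the weak configurations that let spoofed mail through.
All domains and records below are constructed for illustration."""


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into lowercase tag -> value pairs.
    Returns {} if the record is empty or is not a DMARC1 record."""
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    # RFC 7489: the record must start with v=DMARC1
    if tags.get("v", "").upper() != "DMARC1":
        return {}
    return tags


def disposition(record: str, spf_aligned: bool, dkim_aligned: bool) -> str:
    """What a DMARC-checking receiver does with a message whose visible From:
    domain publishes `record`. spf_aligned / dkim_aligned are the receiver's
    own SPF and DKIM results including identifier alignment. A message sent
    from attacker infrastructure with a spoofed From: fails both."""
    tags = parse_dmarc(record)
    if not tags:
        return "deliver (no policy)"   # no record: DMARC is never applied
    if spf_aligned or dkim_aligned:
        return "deliver (pass)"        # authenticated: the policy is not consulted
    # RFC 7489 treats a record with rua= but no p= as p=none
    policy = tags.get("p", "none").lower()
    if policy == "quarantine":
        return "quarantine"            # typically the spam/junk folder
    if policy == "reject":
        return "reject"                # refused at SMTP time
    return "deliver (p=none)"          # monitor only: the spoof lands in the inbox


def audit(record: str) -> list:
    """Return the weaknesses in a DMARC record that let spoofed mail through,
    in the order a domain owner would fix them."""
    tags = parse_dmarc(record)
    if not tags:
        return ["no valid DMARC record published: the domain can be spoofed freely"]
    findings = []
    if tags.get("p", "none").lower() == "none":
        findings.append("p=none: receivers take no action on mail that fails DMARC")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports, so spoofing goes unseen")
    return findings


# Constructed sample records for hypothetical domains
SAMPLE_RECORDS = {
    "thinktank.example":   "v=DMARC1; p=none; rua=mailto:dmarc@thinktank.example",
    "university.example":  "v=DMARC1; p=quarantine; pct=50",
    "institute.example":   "v=DMARC1; p=reject; rua=mailto:dmarc@institute.example",
    "unprotected.example": "",   # no _dmarc TXT record at all
}

if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        # A spoofed message: From: shows the victim domain, but it was sent from
        # the attacker's server, so SPF and DKIM both fail alignment.
        print(f"{domain}: spoof from attacker server -> {disposition(record, False, False)}")
        for finding in audit(record):
            print("    ", finding)
```

To check a real domain, fetch its record with `dig +short TXT _dmarc.<domain>` and pass the returned string to `audit()`; the two records the advisory recommends produce no findings once an rua address is included.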
The warning comes after FBI Director Christopher Wray recently warned that U.S. national security threats “are more complex and sophisticated than ever. We’re seeing hostile nation-states becoming more aggressive in their efforts to steal our secrets and our innovation, target our critical infrastructure, and export their repression to our shores.”
Iran and North Korea are the only two countries to have conducted a destructive cyberattack inside the U.S., he said.
Other federal authorities have also warned of “disabling cyberattacks” targeting water and wastewater systems nationwide, reportedly being perpetrated by hackers backed by the governments of Iran, China and Russia.
In Texas, Russian hackers recently took credit for targeting water and wastewater systems in rural communities, prompting a state legislative investigation, The Center Square reported.
According to a recent Congressional Research Service report, federal agencies have attributed 30% of cyberattack campaigns nationwide to actors operating on behalf of Russia, China, Iran and North Korea, and 30% to criminal actors seeking financial gain.
Among the several tactics identified in the report, North Korean actors have targeted companies using blockchain technologies; Russian actors have targeted defense contractors to steal weapons and vehicle research and spy on communications; Iranian actors have spied on and stolen data from private sector organizations and the telecommunications, defense, and energy sectors; and Chinese actors have targeted multiple companies and academic institutions to steal intellectual property and personal information.