A hacking group known as Kimsuky has been accused of impersonating South Korean officials and journalists in an elaborate scheme to steal cryptocurrency for the North Korean regime. According to local media reports, South Korea’s police agency has confirmed that 1,468 people fell victim to the campaign between March and October 2023. Among the victims were 57 current or retired government officials working in diplomacy, military, and national security. Kimsuky, a state-sponsored hacking group, is believed to be behind the attacks, which aimed to steal victims’ personal information, IDs, passwords, and cryptocurrency.
The Korean National Police Agency (KNPA) reported a significant increase in the number of email accounts hijacked by Kimsuky, reflecting the group’s expansion of attacks from targeting diplomats and security experts to the general public. Kimsuky relies on social engineering, sending booby-trapped emails disguised as coming from government organizations, research institutes, and journalists. These emails lure recipients into clicking on malicious links or opening infected attachments, leading to the installation of malware on their computers.
Kimsuky, also known as Thallium, Black Banshee, or Velvet Chollima, has been active since 2012 and has previously targeted members of the United Nations Security Council and South Korea’s Atomic Energy Research Institute. Earlier this year, the United States and South Korea issued a joint cybersecurity advisory about the Kimsuky hacking gang, revealing its involvement in stealing cutting-edge technologies related to weapons development and satellite technology.
To protect themselves from such attacks, individuals and organizations should ensure they have up-to-date antivirus software and enable multi-factor authentication for their accounts. It is also crucial to use unique and strong passwords and to educate users about the dangers of opening suspicious documents. Additionally, authorities in the United States and South Korea warned companies about the risk of inadvertently recruiting North Korean spies to work remotely for their IT departments, creating another vulnerability for hackers to exploit.
Key points:
1. A hacking group called Kimsuky has been accused of impersonating South Korean officials and journalists to steal cryptocurrency for the North Korean regime.
2. 1,468 people, including 57 government officials, fell victim to the campaign between March and October 2023.
3. Kimsuky targeted victims’ personal information, IDs, passwords, and cryptocurrency.
4. The group expanded its attacks from diplomats and security experts to the general public.
5. To protect against such attacks, individuals and organizations should use up-to-date antivirus software, enable multi-factor authentication, use strong passwords, and educate users about the risks of suspicious documents.