"North Korea Kimsuky Launch Phishing Attacks on Universities"
Cybersecurity analysts have recently uncovered critical details about the North Korean advanced persistent threat (APT) group Kimsuky, which has been targeting universities as part of its global espionage operations. The researchers say that Kimsuky, active since at least 2012, primarily targets South Korean think tanks and government entities, though its reach extends to the US, the UK, and other European nations. The researchers noted that the group specializes in sophisticated phishing campaigns, often posing as academics or journalists to infiltrate networks and steal sensitive information. According to a new advisory, researchers capitalized on Kimsuky's operational security mistakes, which led to the collection of source code, login credentials, and other crucial data. It was discovered that Kimsuky has been phishing university staff, researchers, and professors, aiming to access and exfiltrate valuable research and intelligence. Once inside university networks, the group was observed stealing information critical for North Korea, particularly given the country's limited scientific community. The group's actions align with the objectives of the Reconnaissance General Bureau (RGB), North Korea's primary foreign intelligence agency.
Infosecurity Magazine reports: "North Korea Kimsuky Launch Phishing Attacks on Universities"