"North Korean APT Group 'Kimsuky' Targeting Experts with New Spear-Phishing Campaign"
German and South Korean government agencies have issued a warning about a new spear-phishing campaign launched by the Kimsuky North Korean Advanced Persistent Threat (APT) group against experts on the peninsula. The campaign gains access to victims' Google accounts by infecting Android phones with a malicious app available on Google Play or by using a malicious Chromium web browser extension. Kimsuky, also known as TA406, Thallium, and other names, has been active since 2012, mostly targeting diplomats, non-governmental organizations, think tanks, and experts on Korean peninsula-related issues. Like in past campaigns, Kimsuky gains initial access through spear-phishing by impersonating portal administrators and associates. In some cases, the emails caused the installation and automatic activation of a malicious extension on Chromium-based browsers. When victims access Gmail, the malware steals their emails and sends them to an attacker-controlled server. This article continues to discuss the new Kimsuky spear-phishing campaign.