"North Korean Group Kimsuky Exploits DMARC and Web Beacons"

Researchers have discovered new tactics associated with the threat actor "Kimsuky." The group, believed to be linked to North Korea's Reconnaissance General Bureau, has been conducting email phishing campaigns aimed at experts to gain insights into US and South Korean foreign policies. According to Proofpoint, Kimsuky has contacted foreign policy experts directly since 2023, soliciting their opinions on topics such as nuclear disarmament, US-South Korean policies, and sanctions. In recent months, there has been an increase in this activity, with the group using social engineering tactics, frequently changing email infrastructures, and abusing lax Domain-based Message Authentication, Reporting, and Conformance (DMARC) policies to spoof different personas. They have also begun using web beacons for target profiling. This article continues to discuss Kimsuky's new tactics. 

Infosecurity Magazine reports "North Korean Group Kimsuky Exploits DMARC and Web Beacons"

Submitted by grigby1

 

Submitted by Gregory Rigby on