Kimsuky APT launches phishing attacks on universities

August 13, 2024

The notorious North Korean-backed cybercriminal threat group called Kimsuky APT is currently targeting various universities globally as part of its espionage operations.

This advanced persistent threat group primarily targets South Korean think tanks and government institutions, but its reach could also include the US, the UK, and other European countries. The group specialises in sophisticated phishing tactics, frequently impersonating journalists or academic personalities to breach targeted networks and steal critical data.

Researchers explained that they analysed the APT group’s operation after exploiting some of the group’s own security flaws to gather source code, login passwords, and other sensitive information.

The stolen data revealed that Kimsuky had been conducting phishing activities that targeted university workers, researchers, and professors to acquire access to systems and exfiltrate valuable research and intelligence.

Once these hackers gain access to university networks, they take material that is important to North Korea, especially intelligence that would benefit the country’s defence and military sector.

Kimsuky APT has been a menace to various industries worldwide.

North Korea’s Kimsuky APT has already been linked to operations that aim to steal sensitive information, such as nuclear research, medical discoveries, and pharmaceutical secrets. In addition, there is evidence that the group engages in financially motivated attacks, presumably to fund its espionage operations.

The findings also uncovered Kimsuky’s tactics, including its use of phishing pages that pose as authentic university login portals. By altering the code on these pages, Kimsuky can steal the credentials of unaware victims, especially from currently targeted academic institutions, such as Dongduk University, Korea University, and Yonsei University.

The operation also showed Kimsuky’s use of an application called SendMail, which the group leveraged to send phishing emails from hacked accounts. These hackers designed this app to deceive recipients into giving up their login credentials, which aided Kimsuky’s espionage efforts.

Researchers suggested that users, especially those in countries heavily targeted by the North Korean hacking group, use phishing-resistant multifactor authentication (MFA) tools or push-based mobile applications to counteract these risks. Users should also verify the legitimacy of every landing page, specifically the URL they are about to log in to; certain password managers may do this automatically.
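The URL verification recommended above can be expressed as an origin-bound check, where a credential is only offered to the exact origin it was saved for. The following is an added example, not code from the researchers or the original article; the function name, the reason strings and every `.example` hostname are assumptions constructed for illustration.

```javascript
// Added example: decide whether a login page matches the origin a credential
// was saved for. All hostnames are constructed placeholders (reserved .example TLD).
const SAVED_ORIGIN = "https://portal.university.example";

function checkLoginUrl(savedOrigin, candidateUrl) {
  let saved, cand;
  try {
    saved = new URL(savedOrigin);
    cand = new URL(candidateUrl);
  } catch {
    return { ok: false, reason: "unparseable-url" };
  }
  // Credentials must never be entered over plain HTTP.
  if (cand.protocol !== "https:") return { ok: false, reason: "not-https" };
  // "https://trusted.name@other.host/" hides the real host after the "@".
  if (cand.username !== "" || cand.password !== "") {
    return { ok: false, reason: "embedded-credentials" };
  }
  // Scheme, host and port must all match exactly.
  if (cand.origin === saved.origin) return { ok: true, reason: "origin-match" };
  if (cand.hostname === saved.hostname) return { ok: false, reason: "different-port" };
  // The URL parser converts non-ASCII labels to punycode, exposing homoglyph hosts.
  if (cand.hostname.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode-host" };
  }
  // Trusted name used as leading labels of an unrelated domain.
  if (cand.hostname.startsWith(saved.hostname + ".")) {
    return { ok: false, reason: "trusted-name-as-subdomain" };
  }
  return { ok: false, reason: "different-host" };
}

// Constructed sample links, as they might appear in a message asking the user to log in.
const SAMPLE_LINKS = [
  "https://portal.university.example/login",
  "http://portal.university.example/login",
  "https://portal.university.example@login.host.example/",
  "https://portal.university.example.login-host.example/sso",
  "https://portal.universit\u0443.example/", // Cyrillic "у" in place of Latin "y"
  "https://portal-university.example/",
];

function triage(links) {
  return links.map((url) => ({ url, ...checkLoginUrl(SAVED_ORIGIN, url) }));
}

for (const r of triage(SAMPLE_LINKS)) console.log(r.ok ? "OK   " : "BLOCK", r.reason, r.url);
```
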
