
The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware.

“Further, Kimsuky’s objective extends to the theft of subscription credentials from NK News,” cybersecurity firm SentinelOne said in a report shared with The Hacker News.

“To achieve this, the group distributes emails that lure targeted individuals to log in on the malicious website nknews[.]pro, which masquerades as the authentic NK News site. The login form that is presented to the target is designed to capture entered credentials.”

NK News, established in 2011, is an American subscription-based news website that provides stories and analysis about North Korea.

The disclosure comes days after U.S. and South Korean intelligence agencies issued an alert warning of Kimsuky’s use of social engineering tactics to strike think tanks, academia, and news media sectors. Last week, the threat group was sanctioned by South Korea’s Ministry of Foreign Affairs.
