The FBI, Cybersecurity and Infrastructure Security Agency (CISA) and U.S. Cyber Command Cyber National Mission Force (CNMF) have issued a joint advisory to warn the public of a North Korean-linked hacking group called Kimsuky.
The advanced persistent threat (APT) group uses social engineering and spearphishing tactics to infiltrate U.S. systems, according to the notice dated Tuesday.
CISA, FBI and CNMF used data from intelligence reporting and open-source databases to consolidate Kimsuky’s tactics, techniques and procedures (TTPs).
Kimsuky has also used stolen web hosting credentials to disseminate threats and created subdomains to mimic websites such as Google and Yahoo.
According to the advisory, Kimsuky conducts intelligence collection operations against organizations and individuals in the U.S., Japan and South Korea. The APT group was most likely launched in 2012, the notice states.