The governments of the United States and South Korea have collaborated to formulate an advisory on North Korea’s employment of cyber actors and malware to hack the media, academe and think tank organizations.
The National Security Agency on Thursday led the issuance of the cybersecurity advisory, which warned that the North Korean government has been sponsoring cyber actors to launch “spearphishing” campaigns in order to gather national security and foreign policy intelligence.
NSA worked with the FBI, U.S. Department of State, and South Korean agencies including the National Intelligence Service, National Policy Agency, and Ministry of Foreign Affairs to investigate North Korea’s cyber program.
They found that a set of threat actors known as Kimsuky, Thallium, APT43, Velvet Chollima, and Black Banshee, had been spearphishing for the Reconnaissance General Bureau — North Korea’s primary military intelligence organization — since 2012.
“These cyber actors are strategically impersonating legitimate sources to collect intelligence on geopolitical events, foreign policy strategies, and security developments of interest to the DPRK on the Korean Peninsula,” NSA Cybersecurity Director Rob Joyce explained. “Education and awareness are the first line of defense against these social engineering attacks,” the Wash100 awardee said.
