The National Security Agency, the FBI, and the State Department have released a joint cybersecurity advisory (CSA) warning about a North Korea-linked cyberthreat group that exploits weak Domain-based Message Authentication, Reporting and Conformance (DMARC) policies.
The CSA outlines techniques used by Kimsuky threat actors to exploit improperly configured DMARC record policies to carry out spearphishing campaigns, disguising themselves as legitimate academics, journalists or other experts in East Asian affairs to gather intelligence on geopolitical events and foreign policy strategies, NSA said Thursday.
“Spearphishing continues to be a mainstay of the DPRK cyber program and this CSA provides new insights and mitigations to counter their tradecraft,” said Dave Luber, director of the Cybersecurity Directorate at NSA.
According to the advisory, a properly configured DMARC policy will prevent malicious actors like Kimsuky from spoofing an organization’s legitimate email domain when sending spearphishing messages to a target.
The agencies recommended that organizations strengthen their DMARC security policies and implement mitigations that align with the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Performance Goals.