The hacking group Kimsuky, which works for the North Korean government, is expected to increase its cyberespionage campaigns as the country continues its ballistic missile program, a cyber threat expert said on Tuesday.
“As we see more and more missile tests from North Korea, we will see more and more activities from the advanced persistent threat (APT) 43,” said Luke McNamara, a principal analyst at Google and previously at Mandiant before its acquisition by Google, in a media briefing held in Seoul. APT43 is a name given to the North Korean state-sponsored hacking group by the threat intelligence company that has been tracking the hacking group’s activities since 2018.
According to the expert, the hacking group has been conducting cyberespionage campaigns against policymakers and researchers to gather information on nuclear policy, sending compromised emails several hours after ballistic missile launches. These activities have been crucial to the North Korean government, which has scarce resources when it comes to foreign intelligence agents.
McNamara said that they have discovered two different types of spear-phishing attacks from North Korean hackers. A traditional spear-phishing attack is a practice where hackers send malicious emails to coax their targets into giving up their personal information or other sensitive information. In the other type, the expert explained, the North Korean state-sponsored hackers simply asked someone who was working on policy matters for strategic analysis on nuclear policy, without embedding any malicious code in the emails.
“This is a fairly unique tactic,” said the expert. “We don’t really see this activity from Russian, Chinese, or Iranian threat actors. They are usually using malware or credential collection.” McNamara explained that one of the reasons the North Korean hackers are using this sort of attack method is that it could help avoid detection, since a recipient is more likely to be suspicious of an email that has unknown files attached than of an email with a questionnaire.