Threat Management

New Kimsuky attacks target foreign experts for intelligence gathering

Reuters reports that North Korean state-sponsored threat operation Kimsuky, also known as Thallium, has launched a new campaign aimed at Western foreign affairs experts in an effort to obtain intelligence regarding the possible movement of Western policy toward North Korea. One of the campaign's targets, U.S.-based foreign affairs analyst Daniel DePetris, noted receiving an email purporting to be from Jenny Town, the director of thinktank 38 North, which sought his opinion on security issues in North Korea. "I realized it wasn't legit once I contacted the person with follow up questions and found out there was, in fact, no request that was made, and that this person was also a target. So I figured out pretty quickly this was a widespread campaign," said DePetris. Meanwhile, other emails sent by Kimsuky involved queries surrounding China's reaction to nuclear testing and the appropriateness of a "quieter" aggression approach for North Korea. "The attackers are having a ton of success with this very, very simple method. The attackers have completely changed the process," said Microsoft Threat Intelligence Center's James Elliott, who noted that the technique first came to light in January.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.