The Federal Bureau of Investigation (FBI), the U.S. Department of State, and the National Security Agency (NSA) are jointly issuing this advisory to highlight attempts by Democratic People’s Republic of Korea (DPRK, a.k.a. North Korea) Kimsuky cyber actors to exploit improperly configured DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) record policies to conceal social engineering attempts. Without properly configured DMARC policies, malicious cyber actors are able to
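The misconfiguration the advisory refers to is a DMARC record whose policy does not instruct receiving mail servers to act on spoofed mail: a monitoring-only `p=none`, a policy applied to only a fraction of mail via `pct`, or a subdomain policy `sp=none`. The following checker, an added example that is not part of the advisory, parses `_dmarc` TXT records and classifies them. The domain names and record values are constructed samples (assumed for illustration); a live audit would resolve `_dmarc.<domain>` TXT instead of reading the dictionary.

```python
"""Classify DMARC records by how much protection they actually give against
sender spoofing. Added example, not code from the FBI/State/NSA advisory.
The records below are constructed samples, not live DNS data."""
from __future__ import annotations

# Constructed _dmarc TXT records keyed by hypothetical domain (assumed data).
SAMPLE_RECORDS: dict[str, str] = {
    "weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=10; sp=none",
    "strict.example": "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example",
    "missing.example": "",                   # no _dmarc TXT record published
    "broken.example": "v=DMARC1 p=reject",   # tags must be ';'-separated
}

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record: str) -> dict[str, str]:
    """Split 'tag=value; tag=value' into a dict; tag names are lower-cased."""
    tags: dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> tuple[str, str]:
    """Return (verdict, reason). Verdict is one of
    missing / malformed / weak / partial / enforcing."""
    if not record.strip():
        return "missing", "no DMARC record; receivers cannot enforce alignment"
    try:
        tags = parse_dmarc(record)
    except ValueError as exc:
        return "malformed", str(exc)
    # The version tag must come first and be exactly DMARC1; a space instead
    # of ';' after it swallows the next tag into the version value.
    if not tags or next(iter(tags)) != "v" or tags["v"] != "DMARC1":
        return "malformed", "record must begin with v=DMARC1"
    policy = tags.get("p")
    if policy is None:
        return "malformed", "required p= tag is missing"
    if policy not in VALID_POLICIES:
        return "malformed", f"unknown policy {policy!r}"
    if policy == "none":
        return "weak", "p=none only monitors; spoofed mail is still delivered"
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        return "malformed", f"pct must be an integer, got {tags['pct']!r}"
    if pct < 100:
        return "partial", f"pct={pct}: policy applied to only {pct}% of failing mail"
    if tags.get("sp", policy) == "none":
        return "partial", "sp=none leaves subdomains spoofable"
    return "enforcing", f"p={policy} applied to all failing mail"


def audit(records: dict[str, str]) -> dict[str, str]:
    """Map each domain to its verdict; anything but 'enforcing' needs attention."""
    return {domain: assess_dmarc(rec)[0] for domain, rec in records.items()}


if __name__ == "__main__":
    for domain, rec in SAMPLE_RECORDS.items():
        verdict, reason = assess_dmarc(rec)
        print(f"{domain:18} {verdict:10} {reason}")
```

To run this against real domains, replace the dictionary lookup with a TXT query for `_dmarc.<domain>` (for example `dns.resolver.resolve(name, "TXT")` from dnspython) and join the returned strings before calling `assess_dmarc`. Only the `enforcing` verdict means a receiver will quarantine or reject mail that fails SPF/DKIM alignment.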
Nation-state cyber threat actors affiliated with North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools, such as AppleSeed, Meterpreter, and TinyNuke, to seize control of compromised machines. The South Korea-based cybersecurity company AhnLab attributed the activity to an advanced persistent threat group known as Kimsuky. "A notable point about attacks that use AppleSeed is that similar methods of attack have been used for many years with no si
US and South Korean intelligence agencies have issued a new alert warning of North Korean cyber actors' use of social engineering tactics to strike think tanks, academia, and news media sectors. The "sustained information gathering efforts" have been attributed to a state-sponsored cluster called Kimsuky, which is also known by the names APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (previously Thallium), Nickel Kimball, and Velvet Chollima. Active guys….. "North Korea relies heavily on in
In the cryptocurrency ecosystem, every coin has a history, recorded in the immutable blockchains that underpin its economy. The only exception, in some sense, is cryptocurrency freshly minted by its owner's computational power. Unsurprisingly, Kim Jong-Un's North Korean hackers have begun adopting a new trick to launder the coins they steal from victims worldwide: feeding the tainted, stolen coins into services that let them mine clean new ones.
Recently, cybersecurity investigators pub
Activity Summary - Week Ending 20 August 2021:
- Red Sky Alliance observed 21 unique email accounts compromised with Keyloggers
- Beware of vadmin-vad05
- Analysts have identified 24,404 connections from new unique IP addresses
- 2,573 new IP addresses participating in various Botnets were seen this past week
- APT31
- APT Attack / Kimsuky
- APT1 - Comment Crew
- Darkside and BlackMatter (a Hive connection?)
- Defense Industrial Base (DIB) / Israel
- Health Care / US, Ohio
- Indra / Hackers Behind Recent Attacks on I
Activity Summary - Week Ending 4 June 2021:
- Analysts identified 1,420 new IP addresses participating in various Botnets
- Red Sky Alliance identified 39,711 connections from new unique IP Addresses
- Analysts observed 14 unique email accounts compromised with Keyloggers
- BazaLoader
- WastedLoader
- Kimsuky, Velvet Chollima, Black Banshee, or Thallium spreading AppleSeed Backdoor
- JBS Ransomware
- Farming Equipment Vulnerabilities
- Produce supplier denied Insurance claim with a fraudulent $1.4 Million Wire T