Pierluigi Paganini August 20, 2023

North Korea-linked APT Kimsuky launched a spear-phishing campaign targeting US contractors working at the war simulation centre.

North Korea-linked APT group Kimsuky carried out a spear-phishing campaign against US contractors involved in a joint U.S.-South Korea military exercise.

The news was reported by the South Korean police on Sunday, the law enforcement also added that the state-sponsored hackers did not steal any sensitive data.

The military drill, the Ulchi Freedom Guardian summer exercises, will start on Monday, August 21, 2023, and will last 11 days. The military exercises aim at improving the ability of the two armies to respond to North Korea’s evolving nuclear and missile threats.

The government of Pyongyang blames the US and South Korea for preparing a future invasion of their country.

“The hackers were believed to be linked to a North Korean group that researchers call Kimsuky, and they carried out their hack via emails to South Korean contractors working at the South Korea-U.S. combined exercise war simulation centre, the Gyeonggi Nambu Provincial Police Agency said in a statement.” reported Reuters agency.

“It was confirmed that military-related information was not stolen,” police said in a statement on Sunday.

A joint investigation conducted by South Korean police and the U.S. military revealed that the attackers used an IP address that was previously employed in a 2014 cyber attack against South Korea’s nuclear reactor operator and that was attributed to Kimsuky APT.

Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, APT43) was first spotted by Kaspersky researcher in 2013. At the end of October 2020, the US-CERT published a report on Kimusky’s recent activities that provided information on their TTPs and infrastructure.

The APT group mainly targets think tanks and organizations in South Korea, other victims were in the United States, Europe, and Russia.

In the latest Kimsuky campaign, the state-sponsored group focused on nuclear agendas between China and North Korea, relevant to the ongoing war between Russia and Ukraine.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Kimsuky)