N. Korean Kimsuky APT Targets S. Korea-US Military Exercises Summary:

Cyber Security Threat Summary:
The Kimsuky APT, believed to have ties to North Korea, initiated a spear-phishing effort directed at American contractors participating in a war simulation center. The South Korean police recently revealed this, clarifying that although the state-affiliated hackers did engage in the campaign, no sensitive information was compromised.

The military drill, the Ulchi Freedom Guardian summer exercises, will start on Monday, August 21, 2023, and will last 11 days. The military exercises aim at improving the ability of the two armies to respond to North Korea’s evolving nuclear and missile threats. The government of Pyongyang blames the US and South Korea for preparing a future invasion of their country. The hackers were believed to be linked to a North Korean group that researchers call Kimsuky, and they carried out their hack via emails to South Korean contractors working at the South Korea-U.S. combined exercise war simulation centre, the Gyeonggi Nambu Provincial Police Agency said in a statement. reported Reuters agency. It was confirmed that military-related information was not stolen, police said in a statement on Sunday. A joint investigation conducted by South Korean police and the U.S. military revealed that the attackers used an IP address that was previously employed in a 2014 cyber attack against South Korea’s nuclear reactor operator and that was attributed to Kimsuky APT ( per SecurityAffairs, 2023).

Security Officer Comments:
In October 2020, US-CERT released a report detailing Kimsuky's recent undertakings, shedding light on their tactics, techniques, and infrastructure. Kimsuky's primary targets include think tanks and entities in South Korea, although they have also affected institutions in the United States, Europe, and Russia. In their most recent operation, this state-affiliated group concentrated on matters concerning nuclear discussions between China and North Korea, which bear relevance to the ongoing conflict involving Russia and Ukraine.

Suggested Correction(s):

  • Organizations can make APT groups’ lives more difficult. Here’s how:
  • Defense-in-depth strategy: A comprehensive defense-in-depth strategy is crucial to combat APTs. This includes implementing multiple layers of security controls, such as strong perimeter defenses, network segmentation, endpoint protection, intrusion detection systems, data encryption, access controls, and continuous monitoring for anomalies.
  • Threat intelligence and sharing: Ideally, organizations should actively participate in threat intelligence sharing communities and collaborate with industry peers, government agencies, and security vendors. Sharing information about APTs and their techniques can help detect and mitigate attacks more effectively.
  • Employee education and awareness: Regular security awareness programs, phishing simulations, and training sessions can educate employees about the latest threats, social engineering techniques, and safe computing practices.
  • Incident response and recovery: Despite preventive measures, organizations should have a well-defined incident response plan. This includes incident detection, containment, eradication, and recovery procedures to minimize the impact of APT attacks and restore normal operations.