North Korea Exploits DMARC Policies

Global Attacks

May 7, 2024

The Federal Bureau of Investigation (FBI), the US Department of State, and the National Security Agency (NSA) released this Joint Cybersecurity Advisory to highlight attempts by Democratic People’s Republic of Korea (DPRK, a.k.a. North Korea) Kimsuky cyber threat actors to exploit improperly configured DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) record policies to conceal social engineering attempts. Without properly configured DMARC policies, malicious cyber threat actors are able to send spoofed emails as if they came from a legitimate domain’s email exchange.
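The advisory's point is that a domain with no DMARC record, or one published with p=none, tells receiving mail servers to take no action on mail that fails authentication, so spoofed messages are delivered as if they came from the domain. The script below, added here as an example and not part of the advisory or any agency tooling, parses DMARC TXT records in the RFC 7489 tag=value format and flags the settings that leave a domain spoofable: a missing record, p=none, a weaker subdomain policy (sp), partial enforcement (pct below 100), and no aggregate reporting address (rua). The sample records and domain names are constructed placeholders, not real lookups.

```python
"""Assess DMARC TXT records for settings that let spoofed mail through.

Added example, not part of the advisory. The sample records are constructed,
the domain names are placeholders, and the tag names follow RFC 7489.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample records (placeholder domains; nothing is looked up in DNS).
SAMPLE_RECORDS = {
    "missing.example": None,  # no _dmarc TXT record published at all
    "monitor-only.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor-only.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=25; rua=mailto:reports@partial.example",
    "strict.example": "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:reports@strict.example",
}


@dataclass
class DmarcAssessment:
    domain: str
    policy: Optional[str]
    subdomain_policy: Optional[str]
    pct: int
    findings: List[str] = field(default_factory=list)

    @property
    def effective(self) -> bool:
        """True only if mail failing DMARC is quarantined or rejected for 100% of messages."""
        return self.policy in ("quarantine", "reject") and self.pct == 100


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split 'tag=value; tag=value' into a dict of lower-cased tags; skips empty segments."""
    tags: Dict[str, str] = {}
    for segment in record.split(";"):
        if "=" not in segment:
            continue
        key, _, value = segment.partition("=")
        tags[key.strip().lower()] = value.strip()
    return tags


def assess(domain: str, record: Optional[str]) -> DmarcAssessment:
    """Return the parsed policy plus a list of reasons the domain can still be spoofed."""
    if record is None:
        result = DmarcAssessment(domain, None, None, 0)
        result.findings.append("no DMARC record: receivers apply no policy, spoofed mail is delivered")
        return result

    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        result = DmarcAssessment(domain, None, None, 0)
        result.findings.append("record does not begin with v=DMARC1 and will be ignored by receivers")
        return result

    policy = tags.get("p")
    subdomain_policy = tags.get("sp", policy)  # sp defaults to p when absent
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    except ValueError:
        pct = 100

    result = DmarcAssessment(domain, policy, subdomain_policy, pct)
    if policy is None:
        result.findings.append("no p= tag: the record is malformed and enforces nothing")
    elif policy == "none":
        result.findings.append("p=none: authentication failures are only reported, never blocked")
    if subdomain_policy == "none" and policy != "none":
        result.findings.append("sp=none: subdomains can be spoofed even though the apex is protected")
    if pct < 100:
        result.findings.append(f"pct={pct}: policy is applied to only {pct}% of failing mail")
    if "rua" not in tags:
        result.findings.append("no rua= address: no aggregate reports, so spoofing goes unnoticed")
    return result


if __name__ == "__main__":
    for name, rec in SAMPLE_RECORDS.items():
        a = assess(name, rec)
        status = "ENFORCING" if a.effective else "SPOOFABLE"
        print(f"{name}: {status} (p={a.policy}, sp={a.subdomain_policy}, pct={a.pct})")
        for f in a.findings:
            print(f"    - {f}")
```

Of the four constructed records only strict.example comes out as enforcing; the monitor-only and partial records are the shapes the advisory describes, where a receiver sees the failed authentication but still delivers the message. To run this against your own domain, feed it the TXT record published at `_dmarc.<yourdomain>`; the parser deliberately does no DNS lookups so it can be used offline on records exported from a DNS provider.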

The North Korean cyber threat actors have conducted spearphishing campaigns posing as legitimate journalists, academics, or other experts in East Asian affairs with credible links to North Korean policy circles. North Korea leverages these spearphishing campaigns to collect intelligence on geopolitical events, adversary foreign policy strategies, and any information affecting North Korean interests by gaining illicit access to targets’ private documents, research, and communications.

This advisory includes indicators of North Korean social engineering for potential victims receiving spearphishing emails, as well as mitigation measures for organizations that could be victims of North Korean impersonation. For additional information on state-sponsored North Korean malicious cyber activity, see the June 2023 Kimsuky Joint Cybersecurity Advisory.

For any further questions, contact us here at Cyber Command.