1 October 2020

North Korean hackers launched spear phishing attacks against tens of UN officials


North Korean hackers launched spear phishing attacks against tens of UN officials

A hacker group, which is believed to be operating on behalf of North Korean government, has been targeting officials part of the United Nations Security Council with spear phishing attacks. The campaign, disclosed in a recent UN report, took place between March and April this year and was aimed at at least 28 individuals, including at least 11 officials from six members of the Security Council.

The campaign was attributed to an advanced persistent threat group (APT) known as Kimsuky, which was first spotted by Kaspersky in 2013.

“According to the information, these Democratic People’s Republic of Korea cyberactors launched a “security alert” - themed spear-phishing campaign in mid-March against Gmail accounts of the targeted individuals by placing malicious links in the email, utilizing a link to bypass spam blockers of the potential victims,” the report said.

According to the report, the hacker group consistently targeted UN officials with cyber attacks “and throughout March and early April 2020 more than 40 official email addresses belonging to an executive branch became the targets of spear phishing messages.” The hackers also attempted to compromise the personal WhatsApp accounts of the officials.

In March, the UN Security Council published a report that detailed two other Kimsuky campaigns against its officials. The first campaign involved a series of spear phishing attacks against 38 email addresses linked to Security Council officials, and the second one targeted officials from China, France, Belgium, Peru, and South Africa - all victims were members of the UN Security Council at the time of the attacks.

Back to the list

Latest Posts

Vulnerability summary for the week: October 23, 2020

Vulnerability summary for the week: October 23, 2020

A weekly vulnerability digest.
23 October 2020
Coronavirus vaccine-maker Dr. Reddis shuts down operations following a cyber-attack

Coronavirus vaccine-maker Dr. Reddis shuts down operations following a cyber-attack

The company suffered a “mega data breach,” which led to the closure of key units across the UK, the US, Brazil, India, and Russia.
23 October 2020
Energetic Bear APT targets US governments, avaition networks

Energetic Bear APT targets US governments, avaition networks

The hackers are using Windows Netlogon vulnerability to obtain access to Windows Active Directory (AD) servers and elevate privileges.
23 October 2020