A hacker group, which is believed to be operating on behalf of North Korean government, has been targeting officials part of the United Nations Security Council with spear phishing attacks. The campaign, disclosed in a recent UN report, took place between March and April this year and was aimed at at least 28 individuals, including at least 11 officials from six members of the Security Council.
The campaign was attributed to an advanced persistent threat group (APT) known as Kimsuky, which was first spotted by Kaspersky in 2013.
“According to the information, these Democratic People’s Republic of Korea cyberactors launched a “security alert” - themed spear-phishing campaign in mid-March against Gmail accounts of the targeted individuals by placing malicious links in the email, utilizing a link to bypass spam blockers of the potential victims,” the report said.
According to the report, the hacker group consistently targeted UN officials with cyber attacks “and throughout March and early April 2020 more than 40 official email addresses belonging to an executive branch became the targets of spear phishing messages.” The hackers also attempted to compromise the personal WhatsApp accounts of the officials.
In March, the UN Security Council published a report that detailed two other Kimsuky campaigns against its officials. The first campaign involved a series of spear phishing attacks against 38 email addresses linked to Security Council officials, and the second one targeted officials from China, France, Belgium, Peru, and South Africa - all victims were members of the UN Security Council at the time of the attacks.