The Israeli cyber company Cybereason announced today (Monday) that it has uncovered a new attack and espionage infrastructure belonging to a North Korean attack group called “Kimsuky”.
The group spied on governments and private organizations in the United States, Europe, Japan, South Korea and Russia. The organizations it attacked include pharma and research companies that worked on the coronavirus vaccine, government security departments, the UN Security Council, journalists and human rights organizations.
According to Cybereason, the North Koreans used new tools with advanced capabilities that had not been seen or documented anywhere to date, including attack tools that recorded user actions on a computer in order to steal passwords and sensitive information, and then sent what they stole to the group’s encrypted servers. Despite the use of advanced tools, Kimsuky used simple social engineering techniques, such as phishing emails, to infiltrate organizations.
Cybereason was founded in 2012 by Lior Div (CEO), Yossi Naar (CVO), and Yonatan Striem-Amit (CTO). The company develops a system that collects information from all endpoints in the organization, computers and servers, and analyzes their operations to identify and stop attacks in real time.
Assaf Dahan, head of the cyber threat research group at Cybereason, explained: “Under the auspices of the North Korean regime, there are a number of different attack groups that focus on different things.
There are groups whose job is to steal money and thus fund the North Korean regime, stealing millions of dollars from banks and private entities around the world. On the other hand, it is clear from what is currently known in the intelligence picture that Kimsuky is engaged in advanced intelligence activities aimed at gathering information on foreign policy, national security (security fantasies, nuclear policies, economic sanctions, etc.) as well as tracking and spying on journalists, politicians and human rights activists.”
Dahan added that “North Korean attack groups are also working against Israeli targets, but since the tools we have uncovered today are new and so far unknown, the extent of the global damage has not yet been fully revealed. I believe we will find their footprints on other continents and in other countries soon.”
Kimsuky has a long history of cyberattacks that began in 2012 with attacks on South Korea. In recent years, the group has expanded its range of capabilities to include advanced tools, and its circle of activity from Asia, including neighboring Japan and Russia, to Europe and the United States.