The North Korean hacker group Kimsuky organized attacks on Russian scientists, foreign policy experts and non-governmental organizations that have anything to do with issues of interaction with the DPRK. As the newspaper writes Kommersant, to such conclusions came the American cybersecurity company Proofpoint, whose report was read by the publication.
Hackers send phishing emails to Korean experts on behalf of well-known experts in Russia. The letters contain a link to a supposedly closed network resource with a proposal to register. This is how hackers obtain the victim’s credentials. The study provides an example of such a letter sent by hackers on behalf of Georgy Toloraya, Executive Director of the BRICS National Research Committee.
“The campaign is broad, some of my best-known colleagues are also suffering,” Toloraya confirmed to the newspaper.
Russia is one of the important participants in the diplomatic and political processes around the DPRK, so it is important for North Korean intelligence to have access to closed mailings and other information, as well as organize the collection of data, experts say.
According to Anastasia Tikhonova, head of the Group-IB complex threat research group, it is likely that Kimsuky will try to purposefully “break through” and extract valuable documents from specific officials and employees of research organizations.