Joint Cybersecurity Advisory on North Korean APT Kimsuky

Today the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the U.S. Cyber Command published a joint cybersecurity advisory describing the tactics, techniques, and procedures used by the North Korean advanced persistent threat (APT) group Kimsuky. Some of the advisories key findings include that Kimsuky is most likely tasked by the North Korean regime with global intelligence gathering, including in the U.S.; that it employs social engineering tactics, spearphishing, and watering hole attacks to exfiltrate desired information from victims; and that it specifically targets individuals identified as experts in various fields. This advisory contains further technical details of this activity and offers indicators of compromise to help network administrators and defenders. To report activity related to information found in this advisory, contact the FBI via a local field office or via its 24/7 CyberWatch (CyWatch) at (855)292-3937 or Cy*****@*bi.gov. To request incident response resources or technical assistance related to these threats, contact CISA at ce*****@******hs.gov.