March 22, 2023 By Bill Toulas
A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution (BfV) and the National Intelligence Service of the Republic of Korea (NIS) warn about Kimsuky's use of Chrome extensions to steal target's Gmail emails.
Kimsuky (aka Thallium, Velvet Chollima) is a North Korean threat group that uses spear phishing to conduct cyber-espionage against diplomats, journalists, government agencies, university professors, and politicians. Initially focused on targets in South Korea, the threat actors expanded operations over time to target entities in the USA and Europe.
The joint security advisory was released to warn of two attack methods used by the hacking group — a malicious Chrome extension and Android applications.
While the current campaign targets people in South Korea, the techniques used by Kimsuky can be applied globally, so raising awareness is vital.