July 10, 2024 By Bill Toulas
Japan's Computer Emergency Response Team Coordination Center (JPCERT/CC) is warning that Japanese organizations are being targeted in attacks by the North Korean 'Kimsuky' threat actors.
The US government has attributed Kimsuky as a North Korean advanced persistent threat (APT) group that conducts attacks against targets worldwide to gather intelligence on topics of interest to the North Korean government.
The threat actors are known to use social engineering and phishing to gain initial access to networks. They then deploy custom malware to steal data and retain persistence on networks.
Japan says Kimsuky attacks were detected earlier this year, and attribution was based on indicators of compromise (IoCs) shared by AhnLab Security Intelligence Center (ASEC) in two separate reports (1, 2).
"JPCERT/CC has confirmed attack activities targeting Japanese organizations by an attack group called Kimsuky in March 2024," warns the JPCERT.