North Korean hackers crack DMARC to spoof emails from trusted sources
North Korean state-sponsored threat actors are exploiting misconfigurations in DMARC to send convincing phishing emails and collect vital information from Western targets, officials warn.
A new joint advisory published by the US National Security Agency (NSA), the Federal Bureau of Investigation (FBI) and the State Department outlines how the hacking collective known as Kimsuky, believed to be strongly linked to the Lazarus Group and, by extension, the North Korean government, has been observed abusing misconfigured DMARC record policies to make it appear as if the emails come from legitimate sources.
DMARC stands for Domain-based Message Authentication, Reporting and Conformance and is described as an email authentication protocol that helps prevent email spoofing, phishing and other fraudulent activities. DMARC works by allowing senders to authenticate their messages through cryptographic signatures, and by determining how recipients should handle messages that fail authentication.
Gathering intelligence
The three agencies said Kimsuky’s goal is to “gather intelligence on geopolitical events, hostile foreign policy strategies and any information affecting the interests of the DPRK by obtaining illegal access to private documents, research and communications of the targets.”
To ensure that the victim responds to the phishing email and shares the information they are looking for, the hackers prepare diligently. They thoroughly investigate their target and either create false identities or pretend to be other people when they make contact. When they steal the identities of others, they usually pose as journalists, academics or other experts on East Asian affairs “with credible ties to North Korean policy circles,” the agencies said.
Quoting a previous Proofpoint report, The Hacker News said the technique was first observed in December last year, when Kimsuky engaged in a “broader effort” to, among other things, engage foreign policy experts on their views on nuclear disarmament. Kimsuky is described as a “smart social engineering expert,” the publication concludes.