Written by AJ Vicens
Nov 18, 2021 | CYBERSCOOP
A North Korean cyber espionage group known primarily for targeting think tanks, advocacy groups, journalists and others related to Pyongyang’s adversaries around the world has been quite prolific in 2021, according to email security firm Proofpoint.
The stepped-up action includes launching near-weekly attacks, among them two previously unreported campaigns.
In findings published Thursday, the firm examined the activities of a group it refers to as TA406, which it considers to be one of the components of an organization known more broadly as Kimsuky that’s been active since at least 2012. The U.S. government issued a public alert to the private sector in October 2020 about Kimsuky, warning of spearphishing, watering hole attacks and other methods designed to steal credentials.
TA406 targets research, education, government, media and other organizations for credential theft, Proofpoint analysts Darien Huss and Selena Larson wrote. The group’s other activities involve financial crimes and sextortion, and an increased use of malware. The campaigns remained “low in volume” until the beginning of January 2021, but from then through June 2021 the group launched “almost weekly campaigns,” the researchers wrote.
The first previously unreported campaign, in March 2021, used an