A North Korean hacker group that has primarily conducted cyberattacks against South Korea has now shifted its focus to hacking Russian email accounts.
On Wednesday, Radio Free Asia (RFA) reported that South Korean cybersecurity firm Genians Security Center (GSC) had released a report analyzing phishing email attacks conducted by the North Korean hacker group Kimsuky.
According to the report, since mid-September, Kimsuky has distributed emails using Russian domains such as “mmbox.ru” and “ncloud.ru,” impersonating South Korean government agencies like the National Tax Service and the National Secretary.
The emails contained notices about tax payment deadlines and financial transaction guidelines. Clicking links embedded in the emails reportedly installs malware on the recipient’s computer.
The report stated that the Russian sender domains in these emails were forged using so-called phishing mail senders. These tools let attackers make messages sent from email accounts in South Korea or the United States appear to come from Russian email services.
Kimsuky, a hacking group under North Korea’s Reconnaissance General Bureau, is noted for increasingly sophisticated cyberattacks.
In August, Kimsuky targeted U.S. private satellite experts with phishing emails, impersonating a professor at South Korea’s Yonsei University and an official from the Ministry of Unification. The email invited recipients to participate in a workshop on alliance politics and share views on the U.S.-South Korea alliance.
Genians emphasized the importance of thoroughly verifying the sender’s official email address to prevent phishing attacks and mitigate damage. However, the firm noted, “As in this case, it is technically possible to make email addresses appear official, requiring multiple layers of verification.”