North Korean hackers are exploiting an email security flaw in attacks used to gather sensitive intelligence and information, a new U.S. cybersecurity advisory warned.
The advisory, issued Thursday by the FBI, State Department and National Security Agency, said that members of the Pyongyang-backed hacking collective Kimsuky are sending spearphishing emails to individuals at think tanks, academic institutions and media organizations.
Spearphishing is a type of scam that targets specific individuals or groups with personalized information. In this case, the North Korean hackers appear to be legitimate journalists or scholars and are able to hide their identities through improperly configured DNS Domain-based Message Authentication, Reporting and Conformance, or DMARC, records on email systems.
Read the rest of the story at UPI.