The U.S. State Department, National Security Agency, and the FBI have issued a joint advisory warning organizations across the country, especially educational entities, non-profits, and think tanks, regarding the increasingly advanced phishing techniques leveraged by North Korean state-backed hacking group Kimsuky, also known as APT43, Emerald Sleet, and Velvet Chollima, Nextgov reports.
Kimsuky has exploited improper configuration of the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol to facilitate the compromise of organizations' email domains and impersonate legitimate users, according to the joint advisory. Organizations have been urged to defend against such intrusions by implementing DMARC policy changes, including reconfiguring the policy to restrict certain messages, in addition to carefully examining incoming emails.
The advisory comes months after Kimsuky and other North Korean operatives were sanctioned by the U.S. Treasury Department for their involvement in cyberattacks aimed at gathering intelligence to support the interests of North Korea.