"Do Not Open daurn"… North Korean Hackers Disguise Phishing Email as 'Daum'

North Korean Hacker Group Kimsuky Distributes Phishing Emails
Password Change Prompt... Clicking Leads to Attacker's Server

The North Korean hacker group 'Kimsuky' attempted to steal users' passwords through phishing emails disguised as the portal site 'Daum' operated by Kakao.


The cybersecurity company East Security recently posted this information on its blog under 'Malware Analysis Report'.



The phishing email discovered this time was distributed with the subject '[Urgent] Please change your password immediately.' The attacker used the sender domain 'daurn.net' to make it appear as if it were the Daum domain.
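The 'daurn.net' trick works because the letter pair "rn" renders much like "m". As an added example (not from the article or from East Security's report), the following mail-filter check flags sender domains that collapse to a protected brand once such pairs are normalized. The confusable table, the function names and the sample addresses are constructed for illustration; only 'daurn.net' and the Daum brand come from the article, and 'daum.net' and 'kakao.com' are assumed to be the legitimate domains to protect.

```python
from email.utils import parseaddr

# Domains to protect (assumed legitimate domains for the brands in the article).
PROTECTED = ("daum.net", "kakao.com")

# Constructed table: character sequences that render like another character.
CONFUSABLE = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def skeleton(domain: str) -> str:
    """Collapse confusable sequences so visually similar domains compare equal."""
    s = domain.lower().rstrip(".")
    for seq, repl in CONFUSABLE:
        s = s.replace(seq, repl)
    return s


def sender_domain(from_header: str) -> str:
    """Extract the domain part of the address in a From: header value."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def _is_or_under(domain: str, parent: str) -> bool:
    """True if domain equals parent or is a subdomain of it."""
    return domain == parent or domain.endswith("." + parent)


def check_sender(from_header: str):
    """Return (verdict, brand): 'legit', 'lookalike' or 'unknown'."""
    dom = sender_domain(from_header)
    for brand in PROTECTED:
        if _is_or_under(dom, brand):
            return ("legit", brand)
    skel = skeleton(dom)
    for brand in PROTECTED:
        # Same skeleton but not the real domain: visual impersonation.
        if _is_or_under(skel, skeleton(brand)):
            return ("lookalike", brand)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers; only the domain daurn.net is from the article.
    for hdr in ('"Daum" <notice@daurn.net>', "user@daum.net", "a@example.org"):
        print(hdr, "->", check_sender(hdr))
```

The check covers only ASCII look-alikes; internationalized (punycode) domains would need a Unicode confusables table on top of it.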


The email body contains the phrase "Your password and personal information may have been stolen by others" written in red, and clicking the activated 'Go change your password now' hyperlink in the middle of the email leads to a phishing site made to look like the Kakao login page. Then, under the pretext of 'password verification and change,' users are prompted to enter their password, and if they do, the information is sent directly to the attacker's server.


Phishing email sent by North Korean hacking group 'Kimsuky'.
[Photo by Yonhap News]

After analyzing various indicators, East Security concluded that Kimsuky, a hacking group affiliated with North Korea's Reconnaissance General Bureau, is behind this attack. Kimsuky is a North Korean hacking group that has hacked government ministries such as the Ministry of National Defense and the Ministry of Unification since around 2010, stealing data related to social infrastructure and defectors. Recently, it has expanded its attack range to countries in the Asia-Pacific region as well as South Korea.


Last year, Kimsuky sent phishing emails at least three times to 892 experts in diplomacy, security, unification, and defense, and in October of last year, it attempted to steal the IDs and passwords of defectors by posing as Kakao account management services.


East Security urged, "As North Korea's cyberattacks continue targeting not only institutions and companies but also private experts and organizations in related fields, special caution is required from those involved."


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
