Research Saturday 8.5.23
Ep 293 | 8.5.23

Who is that stealing my credentials?

Show Notes

Aleksandar Milenkoski from SentinelOne joins to discuss their work on "Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence." Researchers have been tracking the North Korean APT group Kimsuky and their attempt at a social engineering campaign targeting experts in North Korean affairs.

The research states "The campaign has the objective of stealing Google and subscription credentials of a reputable news and analysis service focusing on North Korea, as well as delivering reconnaissance malware." Kimsuky has been tracked engaging in extensive email correspondence using spoofed URLs and extensive email correspondence, along with Office documents weaponized with the ReconShark malware.

The research can be found here: