Kimsuky threat group disguised as researchers to target victims

December 29, 2022

According to an investigation, a United States-based foreign affairs analyst received a malicious email from the Kimsuky threat group a couple of months ago. Reports state that the email was sent by a North Korean operative impersonating a researcher in order to gather intelligence from the target.

Based on research, the North Korean state-sponsored threat group is currently impersonating researchers from think tanks to gather information that is valuable to its government. This campaign was first spotted at the start of 2022 and has proven highly effective since the North Korean operators adopted their current strategy.

In some cases, the threat actors have spent weeks to months conversing with the targeted officials to acquire information relevant to their country. During these attacks, the actors have used spoofed emails that impersonate numerous research institutes.


The Kimsuky threat group favours their current strategy over other cybercriminal activities.


Experts believe that the Kimsuky threat group will continue to use this impersonation strategy, since it is a faster and more efficient way for them to obtain valuable information. By comparison, executing spear-phishing attacks, building malware, and finding compromised email accounts is more tedious for the operators.

In addition, the group can acquire intelligence directly from experts, which lets it verify the accuracy of the information at the source. Some experts also noted that the actors' messages appear legitimate because they carry no malicious links or attachments that could raise suspicion.

Hence, the emails pass through security controls that scan messages for malicious links and attachments and flag them, since there is nothing of that kind to detect. The only remaining signal is the sender's identity itself.
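Because these emails contain no links or attachments, a defender has to judge them on sender identity rather than payload. The following is an added example, not code from the original article or from any vendor: it parses raw email headers and flags the signals that survive a link-free message (a lookalike sender domain close to a known institute, a display name that claims an institute the domain does not belong to, and a Reply-To that redirects the conversation elsewhere). The institute domains and the two sample messages are constructed for illustration and are not real organisations.

```python
"""Flag research-institute impersonation in emails that carry no links.

Added example, not from the original article. The reference domains and
the sample messages below are constructed for illustration only.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list of domains the organisation treats as genuine
# research institutes (hypothetical names, not real think tanks).
KNOWN_INSTITUTE_DOMAINS = {
    "example-institute.org",
    "policy-research.example",
}

URL_RE = re.compile(r"https?://", re.IGNORECASE)

# Constructed sample: lookalike domain ("rn" for "m"), institute named in the
# display name, replies diverted to a separate mailbox, and no link at all.
SAMPLE_IMPERSONATION = """From: "Dr. Jane Doe, Example Institute" <jdoe@exarnple-institute.org>
Reply-To: jane.doe.research@mail.example
To: analyst@example.gov
Subject: Request for your views on sanctions policy

Dear colleague,
Would you be willing to share your assessment of the recent sanctions package?
No need to open anything; a short reply by email is fine.
"""

# Constructed sample from the genuine domain, containing a link.
SAMPLE_LEGIT = """From: "Dr. Jane Doe, Example Institute" <jdoe@example-institute.org>
To: analyst@example.gov
Subject: Conference invitation

Hello, please see https://example-institute.org/events for details.
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings, used to spot lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def analyse(raw: str) -> dict:
    """Return a verdict for a raw RFC 5322 message based on sender identity."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = from_addr.rsplit("@", 1)[-1].lower()
    reply_domain = reply_addr.rsplit("@", 1)[-1].lower() if reply_addr else ""
    body = msg.get_payload() if not msg.is_multipart() else ""
    reasons = []

    # 1. Lookalike domain: within two edits of a known institute but not equal.
    if from_domain not in KNOWN_INSTITUTE_DOMAINS:
        for legit in KNOWN_INSTITUTE_DOMAINS:
            if 0 < levenshtein(from_domain, legit) <= 2:
                reasons.append(f"lookalike domain {from_domain} ~ {legit}")

    # 2. Reply-To on a different domain: the long conversation the actor wants
    #    will be carried on from a mailbox that is not the claimed sender.
    if reply_domain and reply_domain != from_domain:
        reasons.append(f"Reply-To domain {reply_domain} != From domain {from_domain}")

    # 3. Display name claims an institute whose domain is not the sender's.
    name_l = from_name.lower()
    for legit in KNOWN_INSTITUTE_DOMAINS:
        label = legit.split(".")[0].replace("-", " ")
        if label in name_l and from_domain != legit:
            reasons.append(f"display name '{from_name}' claims {legit}")

    # 4. Record whether a link scanner would even have had something to look at.
    has_link = bool(URL_RE.search(body))
    return {
        "from_domain": from_domain,
        "has_link": has_link,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


if __name__ == "__main__":
    for label, sample in (("impersonation", SAMPLE_IMPERSONATION), ("legit", SAMPLE_LEGIT)):
        print(label, analyse(sample))
```

The allow-list and edit-distance threshold are the tunable parts; in practice the list would come from the organisation's own contacts, and DMARC alignment of the sender domain would be checked alongside these header heuristics.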

The Kimsuky group has been very active in recent months and has compromised a range of entities across different campaigns. Last October, researchers observed the group running a cyberespionage campaign targeting Android devices in South Korea.

That campaign used three Android malware variants, FastSpy, FastFire, and FastViewer, which infected numerous devices.

As of now, Kimsuky is one of the most sophisticated threat groups operating out of North Korea. Experts note that the group has continually updated its TTPs to make its attacks more successful. Organisations and researchers should keep tabs on Kimsuky, as it is likely to pose further threats in the near future.
