Kansas State University

IT News

North Korea using social engineering to hack universities

In light of recent developments in the cybersecurity landscape, the Division of Information Technology (IT) feels it is imperative to communicate the evolving threats to our community. One such concern involves a North Korean group known as Kimsuky, a state-sponsored cyber threat actor notorious for their sophisticated spear-phishing attempts. Spear-phishing is a targeted form of phishing where the attacker impersonates a known or trusted entity to deceive individuals into revealing sensitive information.

The Kimsuky group has demonstrated a broad target range, conducting targeted attacks on non-governmental organizations (NGOs), think tanks, diplomatic agencies, military organizations, economic groups, and research entities across North America, Asia, and Europe. Typically, a Kimsuky actor impersonates a journalist, an academic scholar, or a think tank researcher, initiating contact via an email request for an interview or survey participation. Using various personas, the actors establish engagement with the target, then attempt to compromise the target’s account, device, or network.

Of note is Kimsuky’s recent adoption of a new tool, ReconShark. Delivered to targeted individuals via spear-phishing emails or OneDrive links leading to document downloads, ReconShark exfiltrates details about running processes, detection mechanisms, and hardware information. This information enables the attackers to execute “precision attacks” with malware tailored to the targeted environment, thereby circumventing detection mechanisms.

In addition to spear-phishing, there has been a notable increase in “smishing” attempts, a form of phishing that uses text messages to deceive individuals into divulging sensitive information. Threat actors often impersonate fellow employees or company leaders to persuade recipients to share sensitive data.

To ensure the safety of our community, we recommend the following precautions:

  • Be wary of unsolicited phone calls, texts, and emails from unknown individuals claiming affiliation with K-State.
  • Confirm the person’s identity through official channels before engaging with them.
  • Avoid interacting with unsolicited emails or text messages.
  • Exercise caution when sharing personal or university information over the phone, and ensure the caller’s identity is verified.
  • Minimize the amount of personal information shared on social networking sites.

Should you receive a suspicious text message, email, or phone call, document the details, including the phone number and the identity claim of the person, and forward this information to our IT security team at abuse@ksu.edu.

We encourage you to refer to this detailed report (https://www.ic3.gov/Media/News/2023/230601.pdf) for more specific examples and additional information on these cybersecurity threats.

Cybersecurity is a collective responsibility. By working together, we can ensure the safety of our K-State community from these evolving threats. We appreciate your vigilance and cooperation in this matter.
