
The US government is warning about threat actors from North Korea. According to the advisory, they exploit weak DMARC (Domain-based Message Authentication, Reporting and Conformance) configurations to send spearphishing emails that appear to come from a legitimate sender address. A domain whose DMARC policy is missing or set to p=none tells receiving mail servers to deliver messages even when SPF and DKIM checks fail, so anyone can put that domain in the From header.
“We have observed that North Korean threat actors like APT43 are exploiting flawed DMARC configurations to easily spoof well-known institutions at major universities, think tanks and NGOs. This allowed them to target prominent facilities in specific areas and collect high-priority intelligence for the North Korean regime. They did this by spoofing the email addresses of legitimate users from legitimate organizations to contact victims. It's a common but easy-to-fix problem.
Spying for North Korea
This tactic allows threat actors to gather information about impending sanctions from Western governments and to obtain information about the nuclear deterrence and armament of the United States and its allies so that the regime can better prepare. DPRK threat actors can also use the trust they have built with their target to later send malware via a malicious link or attached document. This is a highly effective new tool in the arsenal of one of the most prolific social engineering threat groups that Mandiant tracks. Their attacks are not limited to non-governmental organizations and think tanks. Organizations in a variety of industries around the world are at risk of making themselves unnecessarily vulnerable. Proper DMARC configuration coupled with proper SPF/DKIM management are simple steps to effectively prevent phishing and spoofing of an organization.” Gary Freas, Mandiant Senior Analyst at Google Cloud
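The weak setting the advisory and the quote above refer to is the DMARC policy itself. The script below is an added example, not code from the advisory or from Mandiant: it parses a DMARC TXT record, reports why a policy-honouring receiver would still deliver spoofed mail (no record, p=none, pct below 100, sp=none for subdomains, no rua reporting address), and produces a hardened record. The domain names and records are constructed samples, not real DNS lookups.

```python
"""Assess a DMARC TXT record for the weaknesses that allow From-header spoofing."""

# Constructed sample records (assumption: not looked up in DNS). None = no record published.
SAMPLE_RECORDS = {
    "weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    "partial.example": "v=DMARC1; p=reject; pct=20; sp=none",
    "strict.example": "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@strict.example; "
                      "ruf=mailto:forensic@strict.example",
    "missing.example": None,
}

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict (keys lowercased). None if not a DMARC record."""
    if not record:
        return None
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def _parse_pct(value, findings):
    """pct= must be an integer 0..100; anything else is flagged and treated as 100."""
    if value is None:
        return 100
    try:
        pct = int(value)
    except ValueError:
        pct = -1
    if not 0 <= pct <= 100:
        findings.append(f"pct={value!r} is not 0..100; treating as 100")
        return 100
    return pct


def assess_dmarc(record):
    """Return {'org_spoofable', 'subdomain_spoofable', 'findings'} for one record.

    'spoofable' means a message that fails SPF/DKIM alignment is still delivered
    unmodified by a receiver that honours the published policy.
    """
    tags = parse_dmarc(record)
    if tags is None:
        return {"org_spoofable": True, "subdomain_spoofable": True,
                "findings": ["no valid DMARC record: receivers apply no policy at all"]}
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return {"org_spoofable": True, "subdomain_spoofable": True,
                "findings": [f"p={policy!r} is not none/quarantine/reject; receivers ignore the record"]}
    sub_policy = tags.get("sp", policy).lower()
    if sub_policy not in VALID_POLICIES:
        findings.append(f"sp={sub_policy!r} is invalid; falling back to p={policy}")
        sub_policy = policy
    pct = _parse_pct(tags.get("pct"), findings)

    if policy == "none":
        findings.append("p=none: failing mail is delivered unmodified, so the domain can be spoofed")
    elif pct < 100:
        findings.append(f"pct={pct}: only {pct}% of failing mail gets p={policy}; the rest is treated as none")
    if sub_policy == "none" and policy != "none":
        findings.append("sp=none: subdomains can be spoofed although the organisational domain is protected")
    if "rua" not in tags:
        findings.append("no rua= tag: no aggregate reports, so spoofing attempts go unnoticed")

    return {
        "org_spoofable": policy == "none" or pct < 100,
        "subdomain_spoofable": sub_policy == "none" or pct < 100,
        "findings": findings,
    }


def harden_record(record, rua=None):
    """Return a record enforcing reject at 100% for the domain and its subdomains.

    Reporting and alignment tags already present are kept; 'rua' (hypothetical
    mailbox supplied by the caller) is added only when the record has none.
    """
    tags = parse_dmarc(record) or {}
    tags.update({"v": "DMARC1", "p": "reject", "sp": "reject"})
    tags.pop("pct", None)  # pct below 100 would reopen the gap
    if rua and "rua" not in tags:
        tags["rua"] = f"mailto:{rua}"
    order = ["v", "p", "sp", "rua", "ruf", "adkim", "aspf", "fo", "rf", "ri"]
    keys = [k for k in order if k in tags] + [k for k in tags if k not in order]
    return "; ".join(f"{k}={tags[k]}" for k in keys)


if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        result = assess_dmarc(record)
        print(f"{domain}: org_spoofable={result['org_spoofable']} "
              f"subdomain_spoofable={result['subdomain_spoofable']}")
        for finding in result["findings"]:
            print("   -", finding)
        print("   hardened:", harden_record(record, rua=f"dmarc@{domain}"))
```

In production the record comes from a TXT lookup of `_dmarc.<domain>`. Move to p=reject only after reviewing aggregate (rua) reports for a few weeks, since any legitimate sender that is not SPF/DKIM aligned (newsletter platforms, ticketing systems) will otherwise be rejected along with the spoofed mail.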
“Gmail has a long-standing commitment to strong authentication, which is critical to the health of the entire open and connected email ecosystem. Standards like DMARC help increase trust in the source and authenticity of a message, which is beneficial for both recipients and email senders. That's why we recently began requiring mass senders to implement DMARC and other key security and authentication standards to protect billions of Gmail users." Neil Kumaran, Group Product Manager, Gmail Security & Trust
More at Mandiant.com
About Mandiant
Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response. With decades of experience on the cyber frontline, Mandiant helps organizations confidently and proactively defend against cyber threats and respond to attacks. Mandiant is now part of Google Cloud.