North Korean hackers are using phishing campaigns to impersonate journalists and experts, exploiting weak email policies to gather intelligence on geopolitical events and foreign policy strategies, particularly in the US and South Korea. The Kimsuky group targets policy analysts and experts by creating fake personas with legitimate domain names, bypassing DMARC protocols. US federal agencies recommend updating DMARC policies to prevent these spearphishing attacks and provide indicators to identify malicious North Korea phishing emails, including tactics such as using real text from previous victims, awkward English content, and subtle misspellings in email addresses
https://www.infosecurity-magazine.com/news/north-korean-spoofing-journalist/