The FBI, U.S. Department of State, and NSA issued a joint advisory warning about North Korean threat actor Kimsuky's new email spoofing tactics, such as impersonating legitimate entities in spearphishing campaigns to gather intelligence and utilizing DNS DMARC policies to lend legitimacy to their efforts. The advisory urges organizations to adjust DMARC settings to combat these spoofing attempts.

FBI warns of email spoofing by North Korean threat actor Kimsuky

The advisory highlighted red flags in identifying Kimsuky-related emails, emphasized early detection and profiling of the attacker, and recommended configuring DMARC policies to reject misaligned domains. Moreover, the advisory mentioned Kimsuky's evolving tactics, including leveraging new tools like ChatGPT and exploiting vulnerabilities like the ConnectWise ScreenConnect flaw with malware strains like ToddlerShark, underscoring the importance of vigilance and advanced technology to detect and block such malicious campaigns.
https://www.scmagazine.com/news/fbi-warns-of-email-spoofing-by-north-korean-threat-actor-kimsuky