North Korean Threat Actor Email Policy Exploitation - 20240503004

Overview

The National Security Agency (NSA) and Federal Bureau of Investigation (FBI) have released a report detailing how North Korean actors are exploiting weak DMARC security policies to mask spearphishing efforts. These efforts include emails that appear to be from legitimate journalists, academics, or other experts in East Asian affairs.

What is the threat?

Malicious actors commonly conduct social engineering and spear phishing attacks against organisations using fake emails. By modifying the sender’s address or other parts of an email header so that the email appears to have originated from a different source, a malicious actor is able to increase the likelihood of their target complying with a request, such as opening a malicious attachment or disclosing information.

Recommendation

The WASOC recommends administrators follow the advice of the Australian Signals Directorate and implement and maintain SPF, DKIM, and DMARC to combat email spoofing and spear phishing attempts:

Additional References