Decrypt LOL

Kimsuky Hackers Use Russian Emails for Phishing Attacks

The Kimsuky threat actor, aligned with North Korea, has been linked to a series of phishing attacks that use email addresses from Russian domains to steal credentials. Initially targeting users in Japan and Korea, the attacks shifted in mid-September to disguise themselves as originating from Russia, leveraging the VK Mail.ru service.

Genians, a South Korean cybersecurity firm, reported that Kimsuky has employed various sender domains to impersonate financial institutions and services like Naver’s MYBOX cloud storage, creating a sense of urgency to trick users into clicking malicious links. The group has a history of using legitimate email tools to evade security measures, and security experts have previously noted its tactics of exploiting misconfigured email authentication protocols.