In light of a May 2nd 2024 Cybersecurity Advisory (CSA) JCSA-20240502-001 from the FBI, State Department, and NSA, we are revisiting our previous blog post on the exploitation of DMARC policies by threat actors such as TA427. The joint advisory warns about North Korean cyber actors, specifically Kimsuky (aka Emerald Sleet, APT43, Velvet Chollima, and Black Banshee), who exploit improperly configured DMARC policies to mask their social engineering attacks.
“Spearphishing continues to be a mainstay of the DPRK cyber program and this CSA provides new insights and mitigations to counter their tradecraft,” said NSA Cybersecurity Director Dave Luber.
The advisory underscores the critical importance of properly configuring DMARC policies to mitigate email spoofing and phishing risks. Kimsuky and other North Korean-aligned threat groups exploit weaknesses in DMARC configurations to send spoofed emails that appear legitimate, facilitating their spearphishing campaigns.
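A minimal audit of a published DMARC record for the kinds of weak settings that leave a domain spoofable, as an added example (not code from the advisory or from VerifyDMARC). It goes beyond what this post spells out by checking the standard RFC 7489 tags (`p`, `sp`, `pct`, `rua`); the function names, finding codes and sample records are constructed for illustration, and the record is passed in as a string rather than looked up in DNS.

```python
"""Audit a DMARC TXT record string for weak settings (tags per RFC 7489)."""
ENFORCING = {"quarantine", "reject"}


def parse_tags(record):
    """Split 'v=DMARC1; p=none; ...' into an ordered dict of tag -> value."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep and name.strip():
            tags[name.strip().lower()] = value.strip()
    return tags


def audit_dmarc(record):
    """Return finding codes (hypothetical names); [] means fully enforced."""
    tags = parse_tags(record or "")
    # The version tag must come first and be exactly DMARC1.
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        return ["no-valid-record"]
    policy = tags.get("p", "").lower()
    if policy not in ENFORCING | {"none"}:
        return ["invalid-policy"]
    findings = []
    if policy == "none":
        findings.append("monitor-only")  # receivers are asked to take no action
    else:
        # sp falls back to p when absent; pct defaults to 100.
        if tags.get("sp", policy).lower() == "none":
            findings.append("subdomains-unenforced")
        pct = tags.get("pct", "100")
        if not pct.isdigit() or int(pct) > 100:
            findings.append("invalid-pct")
        elif int(pct) < 100:
            findings.append("partial-enforcement")
    if "rua" not in tags:
        findings.append("no-aggregate-reports")  # no visibility into failures
    return findings


# Constructed sample records for illustration (example.com is a placeholder).
SAMPLES = [
    "v=DMARC1; p=none",
    "v=DMARC1; p=quarantine; sp=none; pct=25; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(f"{rec!r}: {audit_dmarc(rec) or 'enforced'}")
```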
It is imperative that organisations take proactive measures to secure their domains against such threats. Here are some actionable steps:
As the tactics of threat actors continue to evolve, organisations must remain vigilant and proactive in safeguarding their email infrastructure. By prioritising the implementation of robust DMARC policies and investing in comprehensive email security solutions, organisations can effectively mitigate the risk of falling victim to sophisticated phishing campaigns orchestrated by groups like Kimsuky.
Don’t wait for a breach to occur before taking action. Secure all your domains today with a risk-free 30-day trial of VerifyDMARC and fortify your defenses against cyber attacks.