The North Korean government-sponsored hacking unit Kimsuky has targeted a joint US-South Korea military exercise that will begin on Monday, according to the South Korean police.
The hackers have compromised the email accounts of South Korean contractors working at the South Korea-US combined exercise war simulation center, the authorities said, noting that classified information has not been compromised in the incident.
Kimsuky, which is currently one the most active APT groups, is known for its attacks on entities in government and private sectors, including UN Security Council, South Korean ministries, institutes and military, various human rights groups and think tanks, government research institutes, journalists covering Korean Peninsula relations, as well as pharmaceutical and research companies working on COVID-19 vaccines.
A joint investigation conducted by the South Korean authorities and the US military found the IP address previously linked to a 2014 breach of South Korea’s nuclear reactor operator. Kimsuky is also believed to be behind a 2021 hack of South Korea's state-run nuclear research institute, in which the attackers gained access to the institute’s computer system via a VPN flaw.
More recently, the group has been linked to a social engineering campaign targeting experts on North Korean affairs to steal Google credentials and deliver reconnaissance malware.