The Federal Bureau of Investigation, the US Department of State, and the National Security Agency, together with the Republic of Korea’s National Intelligence Service, National Police Agency, and Ministry of Foreign Affairs, are jointly issuing this advisory to highlight the use of social engineering by Democratic People’s Republic of Korea (DPRK a.k.a. North Korea) state-sponsored cyber actors to enable computer network exploitation globally against individuals employed by research centers and think tanks, academic institutions, and news media organizations.
These North Korean cyber actors are known to conduct spearphishing campaigns posing as real journalists, academics, or other individuals with credible links to North Korean policy circles. The DPRK employs social engineering to collect intelligence on geopolitical events, foreign policy strategies, and diplomatic efforts affecting its interests by gaining illicit access to the private documents, research, and communications of its targets.