New Kimsuky credential theft attacks involve Russian email addresses
North Korean threat actor Kimsuky has shifted its phishing tactics, now using Russian domains and exploiting Mail.ru's services to send emails impersonating financial institutions and internet portals. Previously known for using email services from Japan and Korea, Kimsuky has begun leveraging compromised email servers, such as the one at Evangelia University, to distribute its phishing emails. These emails often mimic Naver's MYBOX cloud storage service, enticing users to click on malicious links by falsely claiming that files were detected. The group's sophisticated social engineering tactics, including sender spoofing, help the emails bypass security measures; the primary aim is to steal credentials. Credential theft from these campaigns can lead to account hijacking and further attacks on other individuals.