FORT MEADE, Md. – The National Security Agency (NSA) joins the Federal Bureau of Investigation (FBI) and the U.S. Department of State in releasing the Cybersecurity Advisory (CSA), “North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts,” to protect against Democratic People’s Republic of Korea (DPRK, aka North Korea) techniques that allow emails to appear to be from legitimate journalists, academics, or other experts in East Asian affairs.
The DPRK leverages these spearphishing campaigns to collect intelligence on geopolitical events, adversary foreign policy strategies, and any information affecting DPRK interests by gaining illicit access to targets’ private documents, research, and communications.
“Spearphishing continues to be a mainstay of the DPRK cyber program and this CSA provides new insights and mitigations to counter their tradecraft,” said NSA Cybersecurity Director Dave Luber.
The report contains background on the DPRK’s cyber program and past information-gathering examples, an explanation of how a strong Domain-based Message Authentication Reporting and Conformance (DMARC) policy can help block DPRK actors, red flag indicators of malicious activity, two sample emails used by DPRK cyber actors, and mitigation measures.
Read the full report here.
Visit our full library for more cybersecurity information and technical guidance.
NSA Media Relations
MediaRelations@nsa.gov
443-634-0721