Kimsuky, which is also known as Hidden Cobra, has been targeting think-tanks, as well as diplomatic and high-level organisations in Japan, South Korea and the US. The cyberespionage group, which has been active since 2012, is said to be seeking out foreign policy and national-security issues related to the Korean peninsula, along with nuclear policy and sanctions. Kimsuky is also targeting the cryptocurrency industry.
The group is hiding under the guise of South Korean reporters, according to the US Cybersecurity and Infrastructure Security Agency (CISA).
They said: “Posing as South Korean reporters, Kimsuky exchanged several benign interview-themed emails with their intended target to ostensibly arrange an interview date and possibly build rapport.
“The emails contained the subject line, ‘Skype Interview requests of [redacted TV show] in Seoul.’ and began with a request to have the recipient appear as a guest on the show.
“The APT group invited the targets to a Skype interview on the topic of inter-Korean issues and denuclearisation negotiations on the Korean Peninsula.”
CISA added that Kimsuky sent emails with malicious documents after recipients agreed to an interview.
When the date of the interview got closer, another email was sent cancelling the interview.
Erich Kron, security awareness advocate at KnowBe4, said: “This is another example of the seriousness of the modern cybercrime world and the resources behind them.
“With billions of dollars at stake every year and with warfare expanding to the digital realm in such a large way, it is no surprise that nation-states are involved.
The hackers also claimed the US administration was “involved in the origin of the coronavirus”.
There was then a message asking for cryptocurrency donations in exchange for access to information about interference in the election.
This has now been taken down.
Mr Trump’s re-election campaign team is investigating the security breach.
The campaign team said there was “no exposure to sensitive data because none of it is actually stored on the site”.
Trump campaign communications director Tim Murtaugh denied any sensitive data was collected from this attack.
He told CNN: “The Trump campaign website was defaced and we are working with law enforcement authorities to investigate the source of the attack.
“There was no exposure to sensitive data because none of it is actually stored on the site.”