German and South Korean Agencies Alerts of Kimsuky’s Attacks

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Mar 23, 2023 06:10 am PST

German and South Korean intelligence agencies have issued a joint warning against the increasing cyber-attack tactics of a North Korean hacker group called Kimsuky. The group, believed to be backed by the North Korean government, has been targeting organizations in both countries with sophisticated phishing campaigns and malware attacks. The warning comes as cyber-attacks continue to be a major threat to businesses and governments around the world.

The German Office for Information Security (BSI) and South Korea’s National Intelligence Service (NIS) has warned that Kimsuky has expanded its tactics to target a wider range of organizations in both countries. The group has been known to target government agencies, research institutes, and think tanks but is now also going after businesses in the technology and defense sectors.

According to the warning, Kimsuky is using a new malware called “BookCove” to steal sensitive information from its targets. The malware is delivered through spear-phishing emails that are crafted to look like legitimate messages from trusted sources. When the victim clicks the email’s attachment or link, the malware is installed on their system, allowing the hackers to steal data and monitor the victim’s activities.

The German and South Korean agencies have advised organizations should exercise caution and take precautions to safeguard themselves from these threats. This includes implementing strong security measures, such as multi-factor authentication and regular security updates, as well as educating employees about the risks of phishing attacks and how to identify them.

Kimsuky is a North Korean hacking group active since at least 2013. The group is believed to be connected to the North Korean government’s Reconnaissance General Bureau, which is responsible for intelligence gathering and covert operations.

The group has been involved in several high-profile cyber attacks over the years, including the 2014 hack of Sony Pictures, which was carried out in response to the release of the movie “The Interview,” a comedy about the murder of Kim Jong-un, the leader of North Korea. Kimsuky has also been linked to attacks on South Korean government agencies and nuclear power plants.

The group’s primary focus is on stealing sensitive information that could be used to advance North Korea’s military and economic interests. This includes information on nuclear technology, military operations, and economic sanctions.

Global Threat Of Cyber Attacks

The warning from the German and South Korean agencies highlights the ongoing threat of cyber attacks to businesses and governments around the world. Hackers are using a variety of techniques to steal data and disrupt operations in increasingly sophisticated and regular cyberattacks.

In 2020, the global cost of cybercrime was estimated to be around $1 trillion, with businesses and governments spending billions of dollars on cybersecurity measures. Despite this, many organizations still struggle to protect themselves from cyber attacks, with human error and outdated technology often cited as the main reasons for vulnerabilities.

Cyber attacks are a growing hazard as the globe grows increasingly technologically dependent and networked. Governments and businesses must continue to invest in cybersecurity measures and educate employees about the risks of cyber attacks to stay ahead of the hackers.

Kimsuky, a notorious North Korean cyber espionage group, has been responsible for a series of attacks on businesses and governments in Germany. These attacks have caused significant damage to the affected organizations and raised concerns about the growing threat of cyber attacks from state-sponsored groups.

According to reports, Kimsuky has been targeting German organizations since at least 2018, using a range of techniques such as spear phishing and social engineering to gain access to sensitive data. The group is believed to have links to the North Korean government and has been implicated in several high-profile cyber attacks around the world.

Impact of Kimsuky’s Attacks On Businesses And Governments in Germany

The impact of Kimsuky’s attacks on German organizations has been significant. One recent event involved a ransomware assault that disrupted operations and cost a German steel manufacturer millions of euros in costs. Several companies have reported similar attacks, and many are still working to repair the harm Kimsuky’s advanced cyber espionage techniques inflicted.

Governments in Germany have also been targeted by Kimsuky, with reports suggesting that the group has been attempting to gain access to sensitive information related to national security. While it is not clear what information the group has been able to obtain, the potential consequences of such a breach are deeply concerning.

In response to these threats, organizations in Germany are recommended to take precautions to defend themselves against cyberattacks. One of the most effective measures is the implementation of multi-factor authentication, which requires users to provide more than one form of authentication before they can access sensitive data or systems.

Measures Organizations Can Take to Protect Themselves From Kimsuky’s Attacks

Multi-factor authentication can prevent unauthorized access to networks and systems, as it requires attackers to have access to multiple factors, such as a password and a physical device like a phone. This makes it far more difficult for cybercriminals to access private data, even if they manage to get beyond other security measures.

Other measures that organizations can take to protect themselves from Kimsuky’s attacks include:

  • Regular software updates.
  • Employee training on cybersecurity best practices.
  • The use of advanced threat detection and response tools.

It is also important for organizations to have a robust incident response plan in place so that they can quickly and effectively respond to any cyber attacks that do occur.

The threat of cyber attacks from state-sponsored groups like Kimsuky is a growing concern for organizations worldwide. By taking proactive steps to protect themselves, businesses and governments in Germany can help to reduce their risk of falling victim to these sophisticated cyber espionage tactics.


The warning from the German and South Korean intelligence agencies is a reminder of the ongoing threat of cyber attacks from state-sponsored hacking groups. Kimsuky’s expanding tactics and use of sophisticated malware emphasize companies’ need to exercise caution and implement strong security measures to protect against these threats.

The world is increasingly dependent on technology. The threat of cyber attacks will only continue to grow. Governments and businesses must take proactive steps to protect themselves from these attacks, including investing in cybersecurity measures and educating employees about the risks of phishing attacks and other tactics used by hackers. We can only expect to keep one step ahead of the hackers and prevent the theft of our sensitive data by banding together.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x