German defense systems manufacturer Diehl Defence was compromised in a sophisticated spear-phishing attack by Kimsuky, a North Korean state-backed advanced persistent threat operation, SecurityWeek reports.
After conducting comprehensive reconnaissance against Diehl Defence, Kimsuky (also known as APT43, TA406, Black Banshee, Emerald Sleet, and Velvet Chollima) was discovered by Google Mandiant researchers to have deployed spear-phishing attacks that used contract lures involving U.S. defense contractors. The lures redirected targets to fraudulent login pages, spoofing those of a telecommunications firm and an email services provider, that sought to exfiltrate Diehl Defence employee credentials, according to a report from German news website Der Spiegel. The development comes after Kimsuky was sanctioned by the U.S. for its involvement in several attacks against government entities, news organizations, universities, and research centers across the country. Kimsuky has also launched similar intrusions against such organizations in Asia and Europe.