North Korean hackers pose as defector support volunteers in phishing campaign



News North Korean hackers pose as defector support volunteers in phishing campaign Kimsuky cybercriminals used Facebook, Telegram and email to spread malware through DPRK-focused lures Dave Yin \| Shreyas Reddy June 12, 2025 SHARE COPY LINK FACEBOOK X LINKEDIN MASTODON Men using computers in North Korea \| Image: NK News (Jan. 2018) A North Korean threat actor known for its prolific espionage operations recently carried out a monthslong phishing campaign using content related to defector volunteer activities, luring victims through Facebook, Telegram and email. In a report published on Monday, South Korean cybersecurity firm Genians attributed the “triple combo” campaign to the DPRK cybercrime group Kimsuky, which frequently targets defense firms and North Korea-related activists and researchers. According to the researchers, the operation carried out in March and April was part of Kimsuky’s “AppleSeed” campaign, named for one of the group’s signature malware strains, and Read More © Korea Risk Group. All rights reserved. No part of this content may be reproduced, distributed, or used for commercial purposes without prior written permission from Korea Risk Group. LATEST ANALYSIS 01Trump lifted sanctions on Syria. But that playbook won’t work for North Korea. 02Why Kim Jong Un’s latest military reshuffle wasn’t tied to warship launch mishap 03High rollers: How North Korea could exploit casinos to finance nuclear weapons 04North Korea’s damaged warship begins repairs near port hosting Russia arms trade 05Lee Jae-myung pivoted right on North Korea. Will he stick to that as president? 06New effort to monitor North Korea sanctions is ‘shadow’ of UN Panel of Experts 07Why Trump’s Golden Dome could upset the ‘nuclear balance’ with North Korea 08More than just North Korean threats are driving ROK support for nuke submarines

News

North Korean hackers pose as defector support volunteers in phishing campaign

Kimsuky cybercriminals used Facebook, Telegram and email to spread malware through DPRK-focused lures

Dave Yin | Shreyas Reddy June 12, 2025

North Korean hackers pose as defector support volunteers in phishing campaign

Men using computers in North Korea | Image: NK News (Jan. 2018)

A North Korean threat actor known for its prolific espionage operations recently carried out a monthslong phishing campaign using content related to defector volunteer activities, luring victims through Facebook, Telegram and email.

In a report published on Monday, South Korean cybersecurity firm Genians attributed the “triple combo” campaign to the DPRK cybercrime group Kimsuky, which frequently targets defense firms and North Korea-related activists and researchers.

According to the researchers, the operation carried out in March and April was part of Kimsuky’s “AppleSeed” campaign, named for one of the group’s signature malware strains, and

01Trump lifted sanctions on Syria. But that playbook won’t work for North Korea.
02Why Kim Jong Un’s latest military reshuffle wasn’t tied to warship launch mishap
03High rollers: How North Korea could exploit casinos to finance nuclear weapons
04North Korea’s damaged warship begins repairs near port hosting Russia arms trade
05Lee Jae-myung pivoted right on North Korea. Will he stick to that as president?
06New effort to monitor North Korea sanctions is ‘shadow’ of UN Panel of Experts
07Why Trump’s Golden Dome could upset the ‘nuclear balance’ with North Korea
08More than just North Korean threats are driving ROK support for nuke submarines

North Korean hackers pose as defector support volunteers in phishing campaign

LATEST ANALYSIS

Similar Articles

About the Authors

Dave Yin

Shreyas Reddy