Greg Lesnewich, senior threat researcher at Proofpoint, sits down to discuss "From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering." Since 2023, TA427 has directly solicited foreign policy experts for their opinions on nuclear disarmament, US-ROK policies, and sanction topics via benign conversation-starter emails. The research states "While our researchers have consistently observed TA427 rely on social engineering tactics and regularly rotating its email infrastructure, in December 2023 the threat actor began to abuse lax Domain-based Message Authentication, Reporting and Conformance (DMARC) policies to spoof various personas and, in February 2024, began incorporating web beacons for target profiling."
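The "lax DMARC policy" the research refers to is a published record that reports authentication failures but never tells receivers to block them (p=none), or one that only partly enforces. The following checker, added here as an illustration and not code from Proofpoint or the report, classifies DMARC TXT records by how much sender-spoofing protection they actually provide; the sample records and domain names are constructed placeholders.

```python
# Constructed sample DMARC TXT records (not taken from the report); the
# domain names are placeholders, not real infrastructure.
SAMPLE_RECORDS = {
    "example-thinktank.test": "v=DMARC1; p=none; rua=mailto:dmarc@example-thinktank.test",
    "example-ngo.test": "v=DMARC1; p=quarantine; pct=50; sp=none",
    "example-univ.test": "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s",
    "example-nodmarc.test": None,  # no _dmarc TXT record published at all
}

def parse_dmarc(record):
    """Split a DMARC TXT record into a lower-cased tag -> value dict (RFC 7489 syntax)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def assess_dmarc(record):
    """Return (verdict, reasons) for one record.
    verdict is 'missing', 'lax', 'partial' or 'enforcing'; 'lax' is the p=none
    case in which receivers report failures but deliver the spoofed mail anyway."""
    if not record:
        return "missing", ["no DMARC record: receivers apply no policy to spoofed mail"]
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return "missing", ["not a valid DMARC1 record"]
    policy = tags.get("p", "none").lower()
    if policy == "none":
        return "lax", ["p=none: authentication failures are only reported, never blocked"]
    reasons = []
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        reasons.append(f"pct={pct}: only {pct}% of failing mail is subject to p={policy}")
    if tags.get("sp", policy).lower() == "none":
        reasons.append("sp=none: subdomains of this domain can still be spoofed")
    if reasons:
        return "partial", reasons
    return "enforcing", [f"p={policy} applies to all mail and subdomains"]

def find_spoofable(records):
    """Map each domain to its verdict so weak ones can be prioritised for remediation."""
    return {domain: assess_dmarc(rec)[0] for domain, rec in records.items()}

if __name__ == "__main__":
    for domain, verdict in find_spoofable(SAMPLE_RECORDS).items():
        print(f"{domain}: {verdict}")
```

In practice the record is fetched from the `_dmarc.<domain>` TXT entry; anything rated "missing" or "lax" here can be impersonated in the From header without the receiving server being told to reject it.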
Proofpoint has been tracking #TA427, a North Korea-aligned threat actor, for years.
Recently, the team observed changes in the group's tactics and targeting, including exploiting #DMARC and web beacons.
Greg Lesnewich shared his insight with The CyberWire Research Saturday podcast host Dave Bittner.
Stream now at https://thecyberwire.com/podcasts/research-saturday/326/notes.
Proofpoint’s threat research team has been tracking state-aligned actors for years. In a new report, they detail TA427, a group observed using new tactics, including persona spoofing and the incorporation of web beacons.
Get to know advanced persistent threat (APT) #TA427:
👋 Also goes by #EmeraldSleet, #APT43, #THALLIUM, #Kimsuky
🤝 Likely supports #DPRK intelligence on US and ROK foreign policy
🔥 A savvy #socialengineering expert
💬 Likes the long game: builds rapport with targets over weeks/months
🥸 Uses multiple aliases, usually small/under-resourced think tanks and NGOs
😈 Seen abusing #DMARC, spoofing private email accounts, and typosquatting
Explore the blog, and help spread the word about TA427’s prolific activity so potential targets are prepared to protect their people and defend their data.
Key takeaways: TA427 regularly engages in benign conversation starter campaigns to establish contact with targets for long-term exchanges of information on topics of strategic importance to the No...