Suspected DPRK Phishing Campaign Targets Naver; Separate Apple Domain Spoofing Cluster Identified
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
Researchers discovered a potential North Korean phishing campaign targeting Naver, a major South Korean tech platform. The investigation revealed an exposed directory containing phishing pages designed to steal Naver user credentials. Separately, an infrastructure cluster was identified using domains and certificates impersonating Apple. Both findings align with tactics commonly associated with DPRK cyber operations. The phishing server, hosted in Seoul, contained multiple folders with files for credential theft. Additionally, a cluster of IPs across various countries was found sharing TLS certificates and domains spoofing Apple. The use of low-cost domains, Let's Encrypt certificates, and frequent infrastructure changes is consistent with known DPRK threat actor behaviors.
OPENCTI LABELS:
phishing, credential theft, apple, dprk, infrastructure analysis, domain spoofing, naver, tls certificates