A North Korean hacking group known as Kimsuky is taking care to ensure that its malware reaches only its intended targets. According to Kaspersky, Kimsuky is mainly targeting companies and high-profile individuals on the Korean Peninsula.
It all begins with a phishing email aimed at politicians, diplomats, university research professors and journalists in North and South Korea. As soon as the victim clicks the phishing link, it connects to the attackers' command and control (C2) server, which first checks whether the visitor is on its target list before serving the malicious payload. If the server decides the visitor is not an intended target, it backs out and leaves the system and network untouched.
Otherwise, it validates the victim's operating system, username, MS Office version, .NET Framework version and IP address, and only then drops a malicious macro payload that can act not just as malware but also as an espionage tool when needed.
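To make the gating step concrete, here is an added illustration of the two checks the article describes, written for this page and not code from Kimsuky, Kaspersky or the original article. It models a C2-style decision function: the real second stage is handed over only when the visiting IP falls inside a target list and the host fingerprint (OS, username, Office version, .NET version) looks like a real workstation; everyone else, including an analyst's sandbox, gets a harmless decoy. The IP ranges, usernames and fingerprint values are all constructed for the example.

```python
"""
Constructed model of the target-gating step described above: a C2-style
decision function that only hands over the real payload when the visitor
is on the target list AND reports a plausible victim fingerprint.
Hypothetical, for illustration; not Kimsuky's code or Kaspersky's.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed target list: hypothetical CIDR ranges the operators consider interesting.
TARGET_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/25")]

# Usernames that commonly betray an analysis VM rather than a real workstation (hypothetical list).
SANDBOX_USERNAMES = {"user", "admin", "sandbox", "malware", "john", "test"}


@dataclass
class Fingerprint:
    """Host details a first-stage script might report back (field names are hypothetical)."""
    os: str = ""
    username: str = ""
    office_version: str = ""
    dotnet_version: str = ""


@dataclass
class Request:
    ip: str
    fingerprint: Fingerprint = field(default_factory=Fingerprint)


def on_target_list(ip: str) -> bool:
    """Stage 1 check: is the visiting IP inside one of the target networks?"""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TARGET_NETWORKS)


def fingerprint_looks_real(fp: Fingerprint) -> bool:
    """Stage 2 check: every reported field must be present and plausible.
    A bare VM with no Office install or a generic username is rejected."""
    if not fp.os.lower().startswith("windows"):
        return False
    if not fp.username or fp.username.lower() in SANDBOX_USERNAMES:
        return False
    if not fp.office_version or not fp.dotnet_version:
        return False
    return True


def serve(req: Request) -> str:
    """Return which document the server hands back: 'decoy' for anyone
    who fails a check, 'stage2' only when both checks pass."""
    if not on_target_list(req.ip):
        return "decoy"
    if not fingerprint_looks_real(req.fingerprint):
        return "decoy"
    return "stage2"


def demo() -> dict:
    """Three constructed visitors: a real target, an outsider replaying the
    link from elsewhere, and a sandbox inside the target range with a
    generic username and no Office install."""
    victim = Request("203.0.113.42", Fingerprint("Windows 10", "jkim", "16.0.14326", "4.8"))
    outsider = Request("192.0.2.7", Fingerprint("Windows 10", "jkim", "16.0.14326", "4.8"))
    sandbox = Request("203.0.113.99", Fingerprint("Windows 10", "user", "", "4.8"))
    return {"victim": serve(victim), "outsider": serve(outsider), "sandbox": serve(sandbox)}


if __name__ == "__main__":
    for who, result in demo().items():
        print(f"{who:8s} -> {result}")
```

The practical consequence for defenders is visible in the third case: replaying the phishing URL from a sandbox, or from any address outside the operators' list, only ever produces the decoy, so a "clean" dynamic-analysis verdict on the first stage says nothing about what a real target would have received.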
Security researchers at Kaspersky consider Kimsuky a highly sophisticated threat actor that also deploys custom malware, including malicious Google Chrome extensions, to steal emails from victims.
NOTE- North Korean hackers, who are mostly state funded, are known to target victims for financial gain, which is used to fund the nuclear ambitions of North Korean leader Kim Jong Un. Kimsuky also steals cryptocurrency from trading platforms and individuals, and more research is needed to fully understand this hacking group.