North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

The North Korea-aligned threat actor Kimsuky has been linked to a series of phishing attacks aimed at credential theft, often using email messages that appear to originate from Russian sender addresses. Initially, phishing emails were sent via email services in Japan and Korea until early September, after which some emails began masquerading as if they were sent from Russia.