US Energy Sector Targeted in North Korean Spear-Phishing Campaign

FireEye reported that cyber actors affiliated with the North Korean government sent spear-phishing emails to US electric companies on September 22, 2017. This is likely indicative of reconnaissance-phase activity typically intended to gather intelligence from a network rather than to disrupt operations. FireEye is aware of similar activity conducted by North Korean-affiliated actors against South Korean electric utilities. This campaign highlights the increase in cyber operations against US critical infrastructure – especially against the energy sector – by nation-state adversaries, demonstrating their interest in developing capabilities to infiltrate these networks. The NJCCIC recommends that US critical infrastructure organizations review the FireEye report and maintain awareness of this and similar tactics.