This article analyzes a phishing email believed to be created by the Kimsuky group, which disguises itself as a notification for a value-added tax payment from the National Tax Service. The email appears legitimate but is linked to a Russian email address, exposing users to potential fraud. Affected: Kimsuky, email users, National Tax Service.
Key points:
- The phishing email pretends to be a tax payment notification from the National Tax Service.
- It includes a sense of urgency with a deadline for document viewing.
- The email's sender is linked to a Russian domain, raising suspicion.
- Phishing links are present, leading to potentially malicious sites.
- An analysis of the email header shows technical details suggesting illegitimacy.
MITRE Techniques:
- Phishing (T1566): The attack involves sending a deceptive email posing as an official document to trick users into clicking a link.
Indicators of Compromise:
- [URL] hxxp://authurize.niduser.info.dns.cloud.check-info.o-r.kr
- [Email Address] health-info@internet.ru
- [IP Address] 89.221.237.244
- [Domain] internet.ru
- [Domain] mail.ru
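As an added example (not code from the original analysis), the Python below matches the indicators listed above against a raw message's sender headers, Received lines and body links. The sample message is constructed, and placing the listed IP in a Received header is an assumption, since this summary does not say where it was observed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Indicators exactly as listed in this summary (URL reduced to its host).
IOC_SENDERS = {"health-info@internet.ru"}
IOC_DOMAINS = {"internet.ru", "mail.ru"}
IOC_IPS = {"89.221.237.244"}
IOC_URL_HOSTS = {"authurize.niduser.info.dns.cloud.check-info.o-r.kr"}

def in_domain(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)

def match_iocs(raw_message):
    """Return sorted (field, indicator) hits for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    hits = set()
    for field in ("From", "Reply-To", "Return-Path"):
        addr = parseaddr(msg.get(field, ""))[1].lower()
        domain = addr.rpartition("@")[2]
        if addr in IOC_SENDERS:
            hits.add((field, addr))
        elif domain and in_domain(domain, IOC_DOMAINS):
            hits.add((field, domain))
    for received in msg.get_all("Received", []):
        for ip in re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", received):
            if ip in IOC_IPS:
                hits.add(("Received", ip))
    for part in msg.walk():
        if part.is_multipart():
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        # Accept live and defanged (hxxp, [.]) links alike.
        text = re.sub(r"hxxp", "http", text, flags=re.I).replace("[.]", ".")
        for host in re.findall(r"https?://([^/\s\"'<>:]+)", text, flags=re.I):
            if in_domain(host.lower().rstrip("."), IOC_URL_HOSTS):
                hits.add(("URL", host.lower().rstrip(".")))
    return sorted(hits)

# Constructed sample message: headers and body are illustrative, not from the page.
SAMPLE = (
    "Received: from relay.example.test (unknown [89.221.237.244])\n"
    "\tby mx.example.test; Mon, 1 Jan 2024 00:00:00 +0900\n"
    'From: "National Tax Service" <health-info@internet.ru>\n'
    "Subject: VAT payment notice\n"
    "\n"
    "View the document: hxxp://authurize.niduser.info.dns.cloud.check-info.o-r.kr/\n"
)
```

The two listed domains are broad indicators, so a domain-only hit deserves less weight than a match on the exact address, URL host or IP.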
Full Story: https://wezard4u.tistory.com/429393