CSA-NORTH-KOREAN-ACTORS-EXPLOIT-WEAK-DMARC.pdf (545 KB)

NSA, FBI, and the U.S. State Department warned that DPRK cyber actors abuse weak DMARC policies to make spearphishing emails appear to come from legitimate journalists, academics, or East Asia experts. The campaigns support intelligence collection on geopolitical events, adversary foreign policy strategy, and information affecting North Korean interests by trying to access targets' documents, research, and communications. The advisory provides background on DPRK phishing tradecraft, red flags, sample emails, and mitigations, with strong DMARC enforcement presented as a practical control against spoofed sender domains.