North Korea’s involvement in the war in Ukraine extends beyond sending soldiers, munitions, and missiles to Russia, as cybersecurity researchers warn of recent cyberespionage campaigns against Ukrainian government entities by a known North Korean state-sponsored actor.
“Proofpoint assesses TA406 is targeting Ukrainian government entities to better understand the appetite to continue fighting against the Russian invasion and assess the medium-term outlook of the conflict,” researchers from cybersecurity firm Proofpoint wrote in a report this week.
TA406, also known in the security industry as Konni, Opal Sleet, and OSMIUM, has been active since at least 2014 and, ironically, has historically been tasked with targeting Russia, as well as South Korea. For example, in January 2022 Konni targeted Russian diplomats with phishing emails masquerading as New Year greetings.
