On Aug. 21(U.S. time), cybersecurity firm Anomali announced in its research report that North Korea's CyberSpy targeted Stanford University in the U.S. and the French Ministry of European Diplomacy (MEAE).
The Anomali Threat Research Team in REDWOOD, California, in the United States began observing the attack after discovering a fake website disguised as a login page for a government diplomatic portal.
The research team found extensive phishing campaigns targeting major government agencies, think tanks and universities. Among the subjects were Stanford University in the U.S. and the French Ministry of European Diplomacy (MEAE).
The research team concluded that the malicious activity may be related to North Korean cyberspies. One of the infrastructures in use is believed to be linked to the "Smoke Screen" campaign reported by EST Security in April.
The Anomali Research team went through a notification process to certify and disclose the accuracy of all information before announcing its findings on North Korea's cyber espionage activities. The team also submitted detected phishing sites to Google Safe Browsing and Microsoft to consider them as blacklists.