Classification of Attack Types and Analysis of Attack Methods for Profiling Phishing Mail Attack Groups

Jaeil Lee, Yongjoon Lee, Donghwan Lee, Hyukjin Kwon, Dongkyoo Shin

Research output: Contribution to journal › Article › peer-review

28 Scopus citations

Abstract

In recent years, there has been an increase in the number of phishing attacks targeting people in the fields of defense, security, and diplomacy around the world. In particular, the hacking attack group Kimsuky has been conducting phishing attacks to collect key information from public institutions since 2013. The main features of the attack techniques used by the Kimsuky attack group are concealing malicious code in phishing e-mails disguised as normal e-mails to spread a document file with security vulnerabilities, such as a Hangul file, or arousing interest through social engineering to collect account information. This study classified the types of phishing e-mail attacks into spoofed e-mails, e-mail body vulnerability use, and attached file spoofing, and performed detailed analyses of their attack methods, such as commonality and characteristic analyses, to build a profile of this phishing e-mail attack group. Based on the results, the purpose of the attacking group was determined to be intelligence gathering because it focused on phishing attacks targeting Korean diplomatic and defense public institutions and related foreign institutions. Finally, a countermeasure that can be used by mail service providers and mail users to respond to phishing e-mails is suggested.

Original language: English
Article number: 9444397
Pages (from-to): 80866-80872
Number of pages: 7
Journal: IEEE Access
Volume: 9
State: Published - 2021

Keywords

  • Phishing mail
  • cyber attack group
  • hacking
  • profiling
