
North Korea-based cyber organisation is stealing emails

Businesses are being advised to make their IT teams aware of a North Korea-based cyber organisation known as Kimsuky, which is using a malicious browser extension known as 'Sharpext' to steal emails from Gmail and AOL accounts.

According to reports, the attackers install the malicious browser extension after infiltrating a victim's system and installing a custom script that replaces the browser's 'Preferences' files with those supplied from the malware command centre.

A victim may be scrolling through their emails and reading important information when it is stolen and read by third parties right in front of their eyes. The attack goes undetected because it gains access through an already logged-in session, which the email provider misses.

Because no suspicious activity alerts are activated, victims are frequently unaware that their information has been accessed and stolen. Sharpext has previously been used in targeted attacks on foreign policy and strategic individuals in Europe and other Western countries.

However, this malware has been used against both individuals and businesses, stealing information and potentially selling it to third parties. This can include customer information, bank information, and critical login information that can bring systems down and jeopardise your finances.

To avoid becoming a victim, guidance includes instructing teams to refrain from downloading and installing web extensions that appear suspicious and are not directly recommended by Google or other trusted authorities.

If you suspect that your systems have been compromised, scan them with anti-virus software and report an ongoing cybercrime to Action Fraud and the police.
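Because the extension is said to arrive through replaced 'Preferences' files rather than through the browser's store, IT teams can review what those files record for each profile. The script below is an added example, not code from the reports or from EMCRC. It assumes the Chromium preference layout (`extensions.settings`, with `location`, `path` and `manifest` per extension), takes the profile folder as an argument, and uses constructed sample data when no folder is given.

```python
import json
import sys
from pathlib import Path

# Chromium ManifestLocation values: where the browser recorded the install came from.
LOCATIONS = {1: "internal (store)", 2: "external pref", 3: "external registry",
             4: "unpacked", 5: "component", 6: "external pref download",
             7: "external policy download", 8: "command line",
             9: "external policy", 10: "external component"}
EXPECTED = {1, 5, 10}  # store installs and browser-bundled components
PREF_FILES = ("Preferences", "Secure Preferences")

def audit_settings(prefs, source="<memory>"):
    """Return one finding per extension whose install source needs review."""
    findings = []
    for ext_id, entry in prefs.get("extensions", {}).get("settings", {}).items():
        loc = entry.get("location")
        if loc in EXPECTED:
            continue
        # Policy installs (7, 9) are also listed: compare them with your approved list.
        # A missing location is reported as unknown for manual review.
        findings.append({"source": source, "id": ext_id,
                         "name": entry.get("manifest", {}).get("name", "?"),
                         "location": LOCATIONS.get(loc, f"unknown ({loc})"),
                         "path": entry.get("path", "")})
    return findings

def audit_profile(profile_dir):
    """Audit both preference files of one browser profile folder."""
    findings = []
    for name in PREF_FILES:
        path = Path(profile_dir) / name
        if not path.is_file():
            continue
        try:
            prefs = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:
            findings.append({"source": str(path), "id": "-", "name": "unreadable file",
                             "location": str(exc), "path": ""})
            continue
        findings.extend(audit_settings(prefs, str(path)))
    return findings

# Constructed sample: one store extension and one loaded from a local folder.
SAMPLE = {"extensions": {"settings": {
    "a" * 32: {"location": 1, "path": "example\\1.0_0", "manifest": {"name": "Store extension"}},
    "b" * 32: {"location": 4, "path": "C:\\example\\unpacked-extension",
               "manifest": {"name": "Local helper"}}}}}

if __name__ == "__main__":
    results = audit_profile(sys.argv[1]) if len(sys.argv) > 1 else audit_settings(SAMPLE)
    for f in results:
        print(f"{f['source']}: {f['id']} {f['name']!r} [{f['location']}] {f['path']}")
```

A finding is a prompt for review, not proof of compromise: developers and managed devices legitimately have unpacked or policy-installed extensions.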

The EMCRC is a not-for-profit organisation dedicated to educating, informing, and assisting businesses throughout the East Midlands - and beyond - in protecting them from cybercrime and fraud.

Why not join our free core membership? You'll get free cyber security resources as well as a regular newsletter to keep you up to date on the latest advice.

Please contact us for more information on protecting your business online.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.
