Kimsuky

Kimsuky, also known as Velvet Chollima and Black Banshee, is a North Korean state-backed hacker group. The group has been active since at least 2012 and initially focused on targeting South Korean government entities, think tanks, and individuals identified as experts in various fields. Their targets include South Korean think tanks, industry, nuclear power operators, and the South Korean Ministry of Unification for espionage purposes. In recent years, Kimsuky has expanded their operations to include states such as Russia, the United States, and European nations. Kimsuky has focused its intelligence collection activities on foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions. They have been involved in several notable campaigns, including the 2014 Korea Hydro & Nuclear Power Co. compromise, Operation STOLEN PENCIL (2018), Operation Kabar Cobra (2019), and Operation Smoke Screen (2019). It’s important to note that Kimsuky is thought to be behind a wave of attacks attempting to steal victims’ personal information, IDs, passwords, as well as cryptocurrency.

Cyber News related to Kimsuky

Lumma Stealer Evolves with New PowerShell Tools & Advanced Techniques - “The variations we saw in Lumma Stealer behavior are significant to defenders,” noted the Sophos Managed Detection and Response team in their report, emphasizing that these delivery techniques could easily be adapted for other malware ...
3 weeks ago Cybersecuritynews.com Kimsuky

Kimsuky Hacker Group Employs New Phishing Tactics & Malware Infections - The group, known for targeting government entities, think tanks, and individuals related to foreign policy and national security, has enhanced its technical capabilities with multi-stage attack chains designed to evade detection while extracting ...
3 weeks ago Cybersecuritynews.com Kimsuky

Kimusky Hackers Exploiting RDP & MS Office Vulnerabilities in Targeted Attacks - A sophisticated Advanced Persistent Threat (APT) operation named Larva-24005, linked to the notorious Kimsuky threat group, has been discovered actively exploiting critical vulnerabilities in Remote Desktop Protocol (RDP) and Microsoft Office ...
1 month ago Cybersecuritynews.com Equation Kimsuky CVE-2019-0708

State-sponsored hackers embrace ClickFix social engineering tactic - Proofpoint reports that APT28, a GRU unit, also used ClickFix as early as October 2024, using phishing emails mimicking a Google Spreadsheet, a reCAPTCHA step, and PowerShell execution instructions conveyed via a pop-up. ClickFix attacks are gaining ...
1 month ago Bleepingcomputer.com APT28 Kimsuky MuddyWater

State Sponsored Hackers Now Widely Using ClickFix Attack Technique in Espionage Campaigns - While currently limited to experimental usage by these state-sponsored groups, the increasing popularity of ClickFix in both cybercrime and espionage campaigns suggests the technique will likely become more widely adopted as threat actors continue to ...
1 month ago Cybersecuritynews.com Kimsuky MuddyWater

Lazarus Group is No Longer Consider a Single APT Group, But Collection of Many Sub Groups - The cybersecurity landscape is witnessing a growing complexity in the attribution of Advanced Persistent Threat (APT) actors, particularly the North Korean-linked Lazarus group. For instance, Bureau325 and APT43 have been identified as entities that ...
2 months ago Cybersecuritynews.com Kimsuky Lazarus Group

North Korean Kimsuky Hackers New Tactics & Malicious Scripts in Latest Attacks - The attack’s initial payload consists of four files: a heavily obfuscated VBScript (1.vbs), a PowerShell script (1.ps1), and two encoded text files (1.log and 2.log) that contain the actual malware components. Cyber Security News is a Dedicated ...
2 months ago Cybersecuritynews.com Kimsuky

New Windows zero-day exploited by 11 state hacking groups since 2017 - The Windows zero-day, tracked as ZDI-CAN-25373, is caused by a User Interface (UI) Misrepresentation of Critical Information (CWE-451) weakness, which allows attackers to exploit how Windows displays shortcut (.lnk) files to evade detection and ...
2 months ago Bleepingcomputer.com Mustang Panda CVE-2024-43461 APT37 BITTER Kimsuky Sidewinder APT3

Beware of North Korean Hackers DocSwap Malware Disguised As Security Document Viewer - “The malicious app performs an XOR (0xCC) operation on the ‘security.db’ file in a subdirectory, which drops an APK file and loads the DEX file stored within it,” explained the report detailing the threat. A sophisticated ...
2 months ago Cybersecuritynews.com Kimsuky

Hackers Using Advanced Social Engineering Techniques With Phishing Attacks - ESET’s APT Activity Report shows that the North Korea-aligned threat actors have significantly refined their tactics, making traditional security advice like “don’t click suspicious links” increasingly inadequate as attacks ...
2 months ago Cybersecuritynews.com Kimsuky Lazarus Group

North Korean Hackers Using Dropbox & PowerShell Scripts To Infiltrate Organizations - Dubbed ‘DEEP#DRIVE’ by researchers at Securonix, the operation leverages phishing lures, obfuscated PowerShell scripts, and Dropbox’s infrastructure to bypass security defenses and exfiltrate sensitive data. A coordinated cyber ...
3 months ago Cybersecuritynews.com Kimsuky

North Korea's Kimsuky Attacks Rivals' Trusted Platforms - North Korea-linked threat groups are increasingly using living-off-the-land (LotL) techniques and trusted services to evade detection, with a recent Kimsuky campaign showcasing the use of PowerShell scripts and storing data in Dropbox folders, along ...
3 months ago Darkreading.com Andariel Kimsuky

DPRK hackers dupe targets into typing PowerShell commands as admin - Microsoft says it observed this tactic in limited-scope attacks starting January 2025, targeting individuals that work in international affairs organizations, NGOs, government agencies, and media companies across North America, South America, ...
3 months ago Bleepingcomputer.com Kimsuky

Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations - In July 2024, a North Korean military intelligence operative part of the Andariel group was indicted by the U.S. Department of Justice (DoJ) for allegedly carrying out ransomware attacks against healthcare facilities in the country and using the ...
8 months ago Thehackernews.com Andariel Kimsuky

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence - North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. “Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a ...
8 months ago Securityaffairs.com Kimsuky

Microsoft links North Korean hackers to new FakePenny ransomware - Microsoft has linked a North Korean hacking group it tracks as Moonstone Sleet to FakePenny ransomware attacks, which have led to millions of dollars in ransom demands. While this threat group's tactics, techniques, and procedures largely overlapped ...
1 year ago Bleepingcomputer.com Kimsuky Lazarus Group LockBit Ransomhub

North Korean Hacker Group Kimsuky Deploys New Linux Malware 'Gomir' via Trojanized Software Installers - Kimsuky, linked to North Korea's military intelligence, the Reconnaissance General Bureau, has a history of sophisticated cyber attacks aimed primarily at South Korean entities. In early February 2024, researchers at SW2, a threat intelligence ...
1 year ago Cysecurity.news Kimsuky

North Korean Kimsuky used a new Linux backdoor in recent attacks - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2020-3259 CVE-2023-22515 APT28 APT29 BianLian

'The Mask' Espionage Group Resurfaces After 10-Year Hiatus - An advanced persistent threat group that has been missing in action for more than a decade has suddenly resurfaced in a cyber-espionage campaign targeting organizations in Latin America and Central Africa. Over that period, the Spanish-speaking ...
1 year ago Darkreading.com Kimsuky OilRig

North Korea-Linked Group Levels Multistage Cyberattack on South Korea - North Korea-linked threat group Kimsuky has adopted a longer, eight-stage attack chain that abuses legitimate cloud services and employs evasive malware to conduct cyber espionage and financial crimes against South Korean entities. NET applications - ...
1 year ago Darkreading.com Kimsuky

Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
1 year ago Microsoft.com Kimsuky

North Korea's ScarCruft Attackers Gear Up to Target Cybersecurity Pros - ScarCruft, the North Korea-sponsored advanced persistent threat group, is gearing up for targeted attacks on cybersecurity researchers and other members of the threat intelligence community - likely in a bid to steal nonpublic threat intel and ...
1 year ago Darkreading.com Kimsuky

Kimsuky Group Using Weaponized file Deploy AppleSeed Malware - Hackers use weaponized LNK files to exploit vulnerabilities in Windows operating systems. These files often contain malicious code that can be executed when the user clicks on the shortcut. These weaponized files allow threat actors to perform ...
1 year ago Cybersecuritynews.com Kimsuky

Hackers' Use of Remote Administration Tools to Control Systems - Remote administration tools are software that allows managing and controlling terminals from a remote location. The tools can be used for work-from-home purposes as well as remote control, management, and maintenance of unmanned devices. AnyDesk is a ...
1 year ago Gbhackers.com Kimsuky