Kimsuky

Kimsuky is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially focused on targeting South Korean government entities, think tanks, and individuals identified as experts in various fields, and expanded its operations to include the United States, Russia, Europe, and the UN. Kimsuky has focused its intelligence collection activities on foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions. Kimsuky was assessed to be responsible for the 2014 Korea Hydro & Nuclear Power Co. compromise; other notable campaigns include Operation STOLEN PENCIL (2018), Operation Kabar Cobra (2019), and Operation Smoke Screen (2019). North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name Lazarus Group instead of tracking clusters or subgroups.

This Cyber News was published on attack.mitre.org. Publication date: Thu, 07 Dec 2023 22:12:07 +0000


Cyber News related to Kimsuky

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence - North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. “Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a ...
1 year ago Securityaffairs.com Kimsuky
North Korean Hacker Group Kimsuky Deploys New Linux Malware 'Gomir' via Trojanized Software Installers - Kimsuky, linked to North Korea's military intelligence, the Reconnaissance General Bureau, has a history of sophisticated cyber attacks aimed primarily at South Korean entities. In early February 2024, researchers at SW2, a threat intelligence ...
1 year ago Cysecurity.news Kimsuky
North Korea's Kimsuky Attacks Rivals' Trusted Platforms - North Korea-linked threat groups are increasingly using living-off-the-land (LotL) techniques and trusted services to evade detection, with a recent Kimsuky campaign showcasing the use of PowerShell scripts and storing data in Dropbox folders, along ...
9 months ago Darkreading.com Andariel Kimsuky
Exposed Kim Dump Exposes Kimsuky Hackers - The recent leak known as the "Exposed Kim Dump" has unveiled critical insights into the operations of the Kimsuky hacker group, a notorious North Korean cyber espionage entity. This dump includes a wealth of data that sheds light on Kimsuky's ...
2 months ago Cybersecuritynews.com Kimsuky
US govt sanctions North Korea's Kimsuky hacking group - The Treasury Department's Office of Foreign Assets Control has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals. OFAC has also sanctioned eight North Korean agents for ...
1 year ago Bleepingcomputer.com Andariel Kimsuky
Kimsuky Group Using Weaponized file Deploy AppleSeed Malware - Hackers use weaponized LNK files to exploit vulnerabilities in Windows operating systems. These files often contain malicious code that can be executed when the user clicks on the shortcut. These weaponized files allow threat actors to perform ...
1 year ago Cybersecuritynews.com Kimsuky
Kimsuky - Kimsuky, also known as Velvet Chollima and Black Banshee, is a North Korean state-backed hacker group. The group has been active since at least 2012 and initially focused on targeting South Korean government entities, think tanks, and individuals ...
1 year ago Kimsuky
North Korea-Linked Group Levels Multistage Cyberattack on South Korea - North Korea-linked threat group Kimsuky has adopted a longer, eight-stage attack chain that abuses legitimate cloud services and employs evasive malware to conduct cyber espionage and financial crimes against South Korean entities. NET applications - ...
1 year ago Darkreading.com Kimsuky
Kimsuky Hackers Using ClickFix Technique to Execute Malicious Scripts on Victim Machines - Cyber Security News - The attackers impersonate legitimate entities, including government officials, news correspondents, and security personnel, to establish trust before delivering malicious payloads through encrypted archives or deceptive websites designed to mimic ...
4 months ago Cybersecuritynews.com Kimsuky
Kimsuky Hackers Deploy Weaponized LNK File in Latest Espionage Campaign - Kimsuky, a notorious North Korean hacker group, has been observed deploying a weaponized LNK file in their latest cyber espionage campaign. This attack vector leverages malicious shortcut files to execute payloads stealthily on targeted systems, ...
2 months ago Cybersecuritynews.com Kimsuky
Kimsuky - Kimsuky is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially focused on targeting South Korean government entities, think tanks, and individuals identified as experts in various fields, and ...
1 year ago Attack.mitre.org Kimsuky Lazarus Group
Kimsuky APT Targets South Korean Androids, Abuses KakaoTalk for Espionage - The Kimsuky advanced persistent threat (APT) group has been actively targeting South Korean Android users by exploiting the popular messaging app KakaoTalk to conduct espionage activities. This campaign highlights the evolving tactics of Kimsuky, ...
2 weeks ago Darkreading.com Kimsuky
Kimsuky Hacker Group Employs New Phishing Tactics & Malware Infections - The group, known for targeting government entities, think tanks, and individuals related to foreign policy and national security, has enhanced its technical capabilities with multi-stage attack chains designed to evade detection while extracting ...
6 months ago Cybersecuritynews.com Kimsuky
North Korea APT Slapped With Cyber Sanctions After Satellite Launch - The US Department of the Treasury Office of Foreign Assets Control has announced it has sanctioned cyberespionage group Kimsuky for collecting intelligence on behalf of the Democratic People's Republic of Korea. The OFAC said the sanctions are ...
1 year ago Darkreading.com Kimsuky
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
1 year ago Bleepingcomputer.com Andariel Kimsuky Lazarus Group
U.S. Treasury Sanctions Eight Foreign-Based Agents and North Korean Kimsuky Attackers - Sanctions imposed by the United States are technically in response for a North Korean military reconnaissance satellite launch on Nov. 21, but they are also intended to deprive the DPRK of revenue, materials, and intelligence needed to sustain its ...
1 year ago Cysecurity.news Andariel Kimsuky Lazarus Group
Kimsuky HTTPtroy Backdoor Targets South Korea Users - The Kimsuky threat group has deployed a new HTTPtroy backdoor targeting users in South Korea, highlighting a sophisticated cyber espionage campaign. This malware enables attackers to maintain persistent access and exfiltrate sensitive data from ...
3 weeks ago Darkreading.com Kimsuky
North Korea's ScarCruft Attackers Gear Up to Target Cybersecurity Pros - ScarCruft, the North Korea-sponsored advanced persistent threat group, is gearing up for targeted attacks on cybersecurity researchers and other members of the threat intelligence community - likely in a bid to steal nonpublic threat intel and ...
1 year ago Darkreading.com Kimsuky
North Korean Kimsuky Hackers New Tactics & Malicious Scripts in Latest Attacks - The attack’s initial payload consists of four files: a heavily obfuscated VBScript (1.vbs), a PowerShell script (1.ps1), and two encoded text files (1.log and 2.log) that contain the actual malware components.
8 months ago Cybersecuritynews.com Kimsuky
State-sponsored hackers embrace ClickFix social engineering tactic - Proofpoint reports that APT28, a GRU unit, also used ClickFix as early as October 2024, using phishing emails mimicking a Google Spreadsheet, a reCAPTCHA step, and PowerShell execution instructions conveyed via a pop-up. ClickFix attacks are gaining ...
7 months ago Bleepingcomputer.com APT28 Kimsuky MuddyWater
Kimsuky and Lazarus Hacker Groups Unveil New Tools - The notorious North Korean hacker groups Kimsuky and Lazarus have recently unveiled new cyber tools, escalating their threat capabilities in the global cybersecurity landscape. These groups, known for their sophisticated cyber espionage and ...
4 weeks ago Cybersecuritynews.com CVE-2023-28252 CVE-2023-4863 Kimsuky Lazarus
Experts from the United Nations Report North Korean Hackers Have Taken a Large Amount of Digital Assets - Last year, North Korean hackers working for the government stole a record-breaking amount of virtual assets estimated to be worth between $630 million and more than $1 billion, according to a new report from U.N. experts. The panel of experts said ...
2 years ago Securityweek.com Andariel Kimsuky Lazarus Group Rocke
North Korean Hackers Using Dropbox & PowerShell Scripts To Infiltrate Organizations - Dubbed ‘DEEP#DRIVE’ by researchers at Securonix, the operation leverages phishing lures, obfuscated PowerShell scripts, and Dropbox’s infrastructure to bypass security defenses and exfiltrate sensitive data. A coordinated cyber ...
9 months ago Cybersecuritynews.com Kimsuky
Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
1 year ago Microsoft.com Kimsuky