Kimsuky HTTPtroy Backdoor Targets South Korea Users

The Kimsuky threat group has deployed a new HTTPtroy backdoor targeting users in South Korea, highlighting a sophisticated cyber espionage campaign. This malware enables attackers to maintain persistent access and exfiltrate sensitive data from compromised systems. The campaign leverages phishing emails and malicious attachments to infiltrate networks, emphasizing the need for heightened vigilance among South Korean organizations. Security experts recommend implementing advanced endpoint detection and response solutions, alongside regular user training to recognize phishing attempts. The emergence of HTTPtroy underscores the evolving tactics of Kimsuky, a group known for its focus on geopolitical intelligence gathering. Organizations should prioritize patch management and network segmentation to mitigate risks associated with such backdoors. Continuous monitoring and threat intelligence sharing are crucial to defend against these persistent threats. This incident serves as a reminder of the importance of a multi-layered cybersecurity strategy to protect critical infrastructure and sensitive information from state-sponsored actors.

This Cyber News was published on www.darkreading.com. Publication date: Wed, 05 Nov 2025 02:10:05 +0000


Cyber News related to Kimsuky HTTPtroy Backdoor Targets South Korea Users

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence - North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. “Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a ...
1 year ago Securityaffairs.com Kimsuky
North Korea's Kimsuky Attacks Rivals' Trusted Platforms - North Korea-linked threat groups are increasingly using living-off-the-land (LotL) techniques and trusted services to evade detection, with a recent Kimsuky campaign showcasing the use of PowerShell scripts and storing data in Dropbox folders, along ...
9 months ago Darkreading.com Andariel Kimsuky
North Korean Hacker Group Kimsuky Deploys New Linux Malware 'Gomir' via Trojanized Software Installers - Kimsuky, linked to North Korea's military intelligence, the Reconnaissance General Bureau, has a history of sophisticated cyber attacks aimed primarily at South Korean entities. In early February 2024, researchers at SW2, a threat intelligence ...
1 year ago Cysecurity.news Kimsuky
US govt sanctions North Korea's Kimsuky hacking group - The Treasury Department's Office of Foreign Assets Control has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals. OFAC has also sanctioned eight North Korean agents for ...
1 year ago Bleepingcomputer.com Andariel Kimsuky
Kimsuky Group Using Weaponized file Deploy AppleSeed Malware - Hackers use weaponized LNK files to exploit vulnerabilities in Windows operating systems. These files often contain malicious code that can be executed when the user clicks on the shortcut. These weaponized files allow threat actors to perform ...
1 year ago Cybersecuritynews.com Kimsuky
New HTTPtroy Backdoor Poses as VPN Service to Evade Detection - A new sophisticated backdoor malware named HTTPtroy has been discovered masquerading as a VPN service to evade detection and maintain persistent access on compromised systems. HTTPtroy is designed to blend in with legitimate network traffic by ...
3 weeks ago Thehackernews.com CVE-2025-12345 APT42
Exposed Kim Dump Exposes Kimsuky Hackers - The recent leak known as the "Exposed Kim Dump" has unveiled critical insights into the operations of the Kimsuky hacker group, a notorious North Korean cyber espionage entity. This dump includes a wealth of data that sheds light on Kimsuky's ...
2 months ago Cybersecuritynews.com Kimsuky
US, Japan and South Korea Unite to Counter North Korean Cyber Activiti - The US, Japan and South Korea have established a high-level consultative body designed to counter North Korea's cyber activities. A key purpose of the new group is to prevent cyber-attacks and crypto heists used to fund North Korea's weapons ...
1 year ago Infosecurity-magazine.com
North Korea-Linked Group Levels Multistage Cyberattack on South Korea - North Korea-linked threat group Kimsuky has adopted a longer, eight-stage attack chain that abuses legitimate cloud services and employs evasive malware to conduct cyber espionage and financial crimes against South Korean entities. NET applications - ...
1 year ago Darkreading.com Kimsuky
BianLian GOs for PowerShell After TeamCity Exploitation - In conjunction with GuidePoint's DFIR team, we responded to an incident that began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of BianLian's GO backdoor. The threat actor identified a ...
1 year ago Securityboulevard.com CVE-2024-27198 CVE-2023-42793 BianLian
Seoul Police Reveals: North Korean Hackers Stole South Korean Anti-Aircraft Data - South Korea: Seoul police have charged Andariel, a North Korea-based hacker group for stealing critical defense secrets from South Korea's defense companies. Allegedly, the laundering ransomware is redirected to North Korea. One of the 1.2 terabytes ...
1 year ago Cysecurity.news Andariel Lazarus Group
Kimsuky - Kimsuky, also known as Velvet Chollima and Black Banshee, is a North Korean state-backed hacker group. The group has been active since at least 2012 and initially focused on targeting South Korean government entities, think tanks, and individuals ...
1 year ago Kimsuky
Kimsuky APT Targets South Korean Androids, Abuses KakaoTalk for Espionage - The Kimsuky advanced persistent threat (APT) group has been actively targeting South Korean Android users by exploiting the popular messaging app KakaoTalk to conduct espionage activities. This campaign highlights the evolving tactics of Kimsuky, ...
2 weeks ago Darkreading.com Kimsuky
Experts from the United Nations Report North Korean Hackers Have Taken a Large Amount of Digital Assets - Last year, North Korean hackers working for the government stole a record-breaking amount of virtual assets estimated to be worth between $630 million and more than $1 billion, according to a new report from U.N. experts. The panel of experts said ...
2 years ago Securityweek.com Andariel Kimsuky Lazarus Group Rocke
North Korea APT Slapped With Cyber Sanctions After Satellite Launch - The US Department of the Treasury Office of Foreign Assets Control has announced it has sanctioned cyberespionage group Kimsuky for collecting intelligence on behalf of the Democratic People's Republic of Korea. The OFAC said the sanctions are ...
1 year ago Darkreading.com Kimsuky
Lazarus hackers breach six companies in watering hole attacks - In the incidents analyzed by Kaspersky, victims are redirected to sites that mimic software vendors, such as the distributor of Cross EX - a tool that enables South Koreans to use security software in various web browsers for online banking and ...
7 months ago Bleepingcomputer.com
Kimsuky Hackers Using ClickFix Technique to Execute Malicious Scripts on Victim Machines - Cyber Security News - The attackers impersonate legitimate entities, including government officials, news correspondents, and security personnel, to establish trust before delivering malicious payloads through encrypted archives or deceptive websites designed to mimic ...
4 months ago Cybersecuritynews.com Kimsuky
North Korea's ScarCruft Attackers Gear Up to Target Cybersecurity Pros - ScarCruft, the North Korea-sponsored advanced persistent threat group, is gearing up for targeted attacks on cybersecurity researchers and other members of the threat intelligence community - likely in a bid to steal nonpublic threat intel and ...
1 year ago Darkreading.com Kimsuky
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
1 year ago Bleepingcomputer.com Andariel Kimsuky Lazarus Group
State-Sponsored APT Groups Use Ransomware Tactics for Intelligence Gathering and Sabotage - State-sponsored threat groups are increasingly using ransomware-like tactics to hide more insidious activities. Russian APT group Sandworm has used ransomware programs to destroy data multiple times in the past six months, while North Korea's Lazarus ...
2 years ago Csoonline.com Andariel APT3 APT37 APT38 Kimsuky Lazarus Group BianLian
South Korea makes crypto crackdown a national priority The Register - South Korea's Ministry of Justice will create a "Virtual Currency Tracking System" to crack down on money laundering facilitated by cryptocurrencies, and rated the establishment of the facility among its priorities for the year. The Ministry last ...
2 years ago Packetstormsecurity.com
Louis Vuitton says customers in Turkey, South Korea and UK impacted by data breaches | The Record from Recorded Future News - A statement from Louis Vuitton South Korea said the breach involved names, contact information and other data provided by customers. Luxury brand Louis Vuitton said data breaches at its stores in Turkey, South Korea and the United Kingdom exposed the ...
4 months ago Therecord.media Scattered Spider
Kimsuky - Kimsuky is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially focused on targeting South Korean government entities, think tanks, and individuals identified as experts in various fields, and ...
1 year ago Attack.mitre.org Kimsuky Lazarus Group
Sophisticated Vishing Campaigns Take World by Storm - Voice phishing, or vishing, is having a moment right now, with numerous active campaigns across the world that are ensnaring even savvy victims who might seem likely to know better, defrauding them in some cases of millions of dollars. South Korea is ...
1 year ago Darkreading.com