Analysis of the Triple Combo Threat of the Kimsuky Group

June 11, 2025, 10:18 p.m.

Description

The Genians Security Center (GSC) detected an APT (Advanced Persistent Threat) campaign targeting users of Facebook, email, and Telegram in Korea between March and April 2025. The threat actor conducted reconnaissance and selected attack targets through two Facebook accounts.

Date

  • Created: June 11, 2025, 10:07 p.m.
  • Published: June 11, 2025, 10:07 p.m.
  • Modified: June 11, 2025, 10:18 p.m.

Indicators

Attack Patterns

  • BabyShark
  • Kimsuky

Additional Information

  • Cryptocurrency
  • Military
  • Defense