Today > 1 Critical | 6 High | 24 Medium vulnerabilities   -   You can now download lists of IOCs here!

APT Group Kimsuky Targets University Researchers

Aug. 9, 2024, 12:09 p.m.

Description

A report detailing an ongoing cyberattack campaign by the North Korean APT group Kimsuky, which is targeting university staff, researchers, and professors to conduct espionage and gather intelligence for the North Korean government. The group employs phishing tactics, compromised infrastructure, and customized phishing tools to steal login credentials and gain access to university networks, enabling them to pilfer research and sensitive data.

Date

Published: Aug. 9, 2024, 11:40 a.m.

Created: Aug. 9, 2024, 11:40 a.m.

Modified: Aug. 9, 2024, 12:09 p.m.

Indicators

http://penlu.or.kr/data/view.xn--php-9o0a

nsmnop99@gmail.com

nolpoaw@daum.net

nkodfgl@gmail.com

nmakope@daum.net

nboipw@daum.net

nasaioy0@gmail.com

nasndaoop@gmail.com

naokilw@daum.net

nanmskeo@gmail.com

nahoiu95@gmail.com

nabsoiu@daum.net

aaa@naver.com

no-reply@sisileae.com

en.asaninst.org

wodos.online

wodods.xyz

sorsi.online

simos.online

osihi.store

penlu.or.kr

nusiu.live

dorray.site

audko.store

Attack Patterns

Kimsuky

T1588

T1598

T1082

T1057

T1102

T1192

T1027

T1053

T1056

T1566

T1078

T1003

T1059

Additional Informations

Education

Government

United Kingdom of Great Britain and Northern Ireland

United States of America