APT Group Kimsuky Targets University Researchers

Aug. 9, 2024, 12:09 p.m.

Description

A report detailing an ongoing cyberattack campaign by the North Korean APT group Kimsuky, which is targeting university staff, researchers, and professors to conduct espionage and gather intelligence for the North Korean government. The group employs phishing tactics, compromised infrastructure, and customized phishing tools to steal login credentials and gain access to university networks, enabling them to pilfer research and sensitive data.

External References

https://www.cyberresilience.com/threatintel/apt-group-kimsuky-targets-university-researchers
https://otx.alienvault.com/pulse/66b60042a62e4a29587e0e28
Tags
apt
espionage
phishing
north korea
2024-08-09
universities

Date

  • Created: Aug. 9, 2024, 11:40 a.m.
  • Published: Aug. 9, 2024, 11:40 a.m.
  • Modified: Aug. 9, 2024, 12:09 p.m.

Indicators

  • http://penlu.or.kr/data/view.xn--php-9o0a
  • nsmnop99@gmail.com
  • nolpoaw@daum.net
  • nkodfgl@gmail.com
  • nmakope@daum.net
  • nboipw@daum.net
  • nasaioy0@gmail.com
  • nasndaoop@gmail.com
  • naokilw@daum.net
  • nanmskeo@gmail.com
  • nahoiu95@gmail.com
  • nabsoiu@daum.net
  • aaa@naver.com
  • no-reply@sisileae.com
  • en.asaninst.org
  • wodos.online
  • wodods.xyz
  • sorsi.online
  • simos.online
  • osihi.store
  • penlu.or.kr
  • nusiu.live
  • dorray.site
  • audko.store
Download all indicators here!

Attack Patterns

  • Kimsuky

Additional Informations

  • Education
  • Government
  • United Kingdom of Great Britain and Northern Ireland
  • United States of America