Back

APT Group Kimsuky Targets University Researchers

Aug. 9, 2024, 12:09 p.m.

Tags

apt
espionage
phishing
north korea
2024-08-09
universities

External References

https://www.cyberresilience.com/

https://otx.alienvault.com/

Description

A report detailing an ongoing cyberattack campaign by the North Korean APT group Kimsuky, which is targeting university staff, researchers, and professors to conduct espionage and gather intelligence for the North Korean government. The group employs phishing tactics, compromised infrastructure, and customized phishing tools to steal login credentials and gain access to university networks, enabling them to pilfer research and sensitive data.

Date

Published Created Modified
Aug. 9, 2024, 11:40 a.m. Aug. 9, 2024, 11:40 a.m. Aug. 9, 2024, 12:09 p.m.

Indicators

http://penlu.or.kr/data/view.xn--php-9o0a

nsmnop99@gmail.com

nolpoaw@daum.net

nkodfgl@gmail.com

nmakope@daum.net

nboipw@daum.net

nasaioy0@gmail.com

nasndaoop@gmail.com

naokilw@daum.net

nanmskeo@gmail.com

nahoiu95@gmail.com

nabsoiu@daum.net

aaa@naver.com

no-reply@sisileae.com

Attack Patterns

Kimsuky

T1588

T1598

T1082

T1057

T1102

T1192

T1027

T1053

T1056

T1566

T1078

T1003

T1059

Additional Informations

Education

Government

United Kingdom of Great Britain and Northern Ireland

United States of America