Inside Kimsuky’s Latest Cyberattack: Analyzing Malicious Scripts and Payloads

March 27, 2025, 9:54 p.m.

Description

Kimsuky, also known as “Black Banshee,” is a North Korean APT group that has been active since at least 2012 and is believed to be state-sponsored. Its cyber espionage operations target countries such as South Korea, Japan, and the U.S. Its tactics include phishing, malware infections (RATs, backdoors, wiper malware), supply chain attacks, lateral movement within networks, and data exfiltration.

Date

  • Created: March 27, 2025, 9:47 p.m.
  • Published: March 27, 2025, 9:47 p.m.
  • Modified: March 27, 2025, 9:54 p.m.

Attack Patterns

  • 64677CAE14A2EC4D393A81548417B61B
  • Kimsuky
  • T1030
  • T1135
  • T1014
  • T1113
  • T1070
  • T1140
  • T1027
  • T1560
  • T1056
  • T1195
  • T1059

Additional Information

  • Korea, Republic of
  • Japan
  • United States of America