Tag: kimsuky

8 Attack Reports | 0 Vulnerabilities

Attack reports

Dissecting Kimsuky's Attacks on South Korea: In-Depth Analysis of GitHub-Based Malicious Infrastructure

A sophisticated spearphishing campaign targeting South Korea has been uncovered, utilizing GitHub as attack infrastructure. The threat actor, linked to the North Korean group Kimsuky, created multiple private repositories to store malware, decoy files, and exfiltrated victim data. The attack levera…
north korea
spearphishing
kimsuky
dropbox
south korea
xenorat
2025-06-26
Published: June 26, 2025
Downloadable IOCs: 16

Analysis of the Triple Combo Threat of the Kimsuky Group

The Genians Security Center (GSC) detected an APT (Advanced Persistent Threat) campaign targeting users of Facebook, email, and Telegram in Korea between March and April 2025. The threat actor explored reconnaissance and selected attack targets through two Facebook accounts.
apt
kimsuky
babyshark
powershell
shell
dll file
execution
appleseed
telegram
facebook
linkedin
vmprotect
2025-06-11
username
kimsuky group
flowerpower
golddragon
Published: June 11, 2025
Downloadable IOCs: 14

Case of Larva-25004 Group (Related to Kimsuky) Exploiting Additional Certificate - Malware Signed with Nexaweb Certificate

AhnLab Security Intelligence Center discovered malware signed with Nexaweb Inc.'s certificate, linked to the Kimsuky group's activities. The malware, tracked as Larva-25004, was found in two files signed on May 24 and 28, 2024. When executed, it displays a PDF file related to employment as bait, li…
kimsuky
2025-05-23
certificate exploitation
signed malware
nexaweb
certificate leak
Published: May 23, 2025
Downloadable IOCs: 3

APT Group Profiles - Larva-24005

A new operation named Larva-24005, linked to the Kimsuky group, has been discovered by ASEC. The threat actors exploited RDP vulnerabilities to infiltrate systems, installing MySpy malware and RDPWrap for continuous remote access. They also deployed keyloggers to record user inputs. The group has b…
apt
phishing
kimsuky
south korea
CVE-2017-11882
keylogger
CVE-2019-0708
japan
2025-04-22
randomquery
rdp exploitation
bluekeep
myspy
kimalogger
Published: April 22, 2025
Downloadable IOCs: 0

Inside Kimsuky’s Latest Cyberattack: Analyzing Malicious Scripts and Payloads

Kimsuky, also known as “Black Banshee,” a North Korean APT group active at least from 2012, is believed to be state-sponsored. Their cyber espionage targets countries like South Korea, Japan, and the U.S. Their tactics include phishing, malware infections (RATs, backdoors, wiper malware), supply ch…
kimsuky
rats
zip file
chrome
file
2025-03-27
firefox
edge
naver whale
c2 command
black banshee
apt group
64677cae14a2ec4d393a81548417b61b
Published: March 27, 2025
Downloadable IOCs: 0

Kimsuky: A Gift That Keeps on Giving

This analysis details a sophisticated cyber attack attributed to the North Korean-linked Kimsuky APT group. The attack begins with an LNK file, leading to the execution of obfuscated VBS scripts. These scripts create scheduled tasks, modify registry keys for persistence, and establish communication…
espionage
north korea
kimsuky
2024-09-20
Published: September 20, 2024
Downloadable IOCs: 2

Appearance of Kimsuky group's new backdoor (HappyDoor)

Asec Ahnlab analyzes a new backdoor malware called HappyDoor used by the North Korean hacking group Kimsuky in recent email attacks. The malware has evolved over time and contains capabilities for information stealing and remote access. It communicates with command and control servers using encrypt…
backdoor
north korea
kimsuky
cyber espionage
2024-07-01
appleseed
information stealing
happydoor
Published: July 1, 2024
Downloadable IOCs: 16

APT attack discovered using Facebook and MS management console (Attack signs detected targeting Korea and Japan)

A threat actor impersonated a North Korean human rights official on Facebook and approached targets. They shared malicious URLs disguised as documents. Microsoft OneDrive cloud service was used to host the malicious MSC file, which communicated with C2 servers and deployed Reconshark malware associ…
apt
kimsuky
northkorea
2024-05-21
Published: May 21, 2024
Downloadable IOCs: 46
Click here to see more Attack Reports