2024-10-08
SecureWorks
2024 State of the Threat Report
#NickelAcademy
#NickelFoxcroft
#NickelHyatt
#NickelJuniper
#NickelKimball
#Trend
NickelKimball
"NICKEL KIMBALL has operated on behalf of the North Korean government since at least 2012. It primarily targets non-governmental organizations (NGOs), think tanks, diplomatic agencies, military organizations, economic groups, and research entities, particularly those involved with North Korean policy and relations. The group originally appeared to focus on South Korean organizations before expanding to similar organizations in other countries. The threat actors also seek to obtain access to online accounts and networks to track North Korean defectors and their relatives."
- SecureWorks, https://www.secureworks.com/research/threat-profiles/nickel-kimball
Also known as
| Name | Named by | AKA | First seen | Last seen |
|---|---|---|---|---|
| APT-C-55 | Qihoo360 | Kimsuky | 2021-11-19 | 2025-02-11 |
| APT-Q-2 | Qianxin | Kimsuky | 2022-03-23 | 2024-06-20 |
| APT43 | Mandiant | Kimsuky | 2023-03-28 | 2025-02-12 |
| BlackBanshee | PWC | Kimsuky | 2020-02-18 | 2022-04-29 |
| Cerium | Microsoft | Kimsuky | 2021-10-07 | 2022-11-07 |
| CloudDragon | TeamT5 | Kimsuky | 2021-05-07 | 2023-05-12 |
| DarkPeony | NTTSecurity | Kimsuky | 2024-06-05 | 2024-06-13 |
| DarkPlum | NTTSecurity | Kimsuky | 2024-10-03 | 2024-11-19 |
| EarthKumiho | TrendMicro | Kimsuky | 2022-05-10 | 2025-03-18 |
| G0094 | MITRE | Kimsuky | 2019-08-26 | 2019-08-26 |
| ITG16 | IBM | Kimsuky | - | - |
| KTA082 | Kroll | Kimsuky | 2024-03-05 | 2024-03-05 |
| KimDragon | TeamT5 | Kimsuky | 2021-05-07 | 2021-05-07 |
| Kimsuky | Kaspersky | - | 2013-09-11 | 2025-03-19 |
| Larva-24005 | Ahnlab | Kimsuky | 2025-02-27 | 2025-02-27 |
| NNPTGroup | SelfGiven | Kimsuky | 2014-12-15 | 2015-04-02 |
| NickelKimball | SecureWorks | Kimsuky | - | 2024-10-08 |
| Phisherman | KRCERT | Kimsuky | 2020-02-29 | - |
| RGB-D5 | IssuemakersLab | Kimsuky | 2020-04-08 | 2020-12-24 |
| RedKim | KRCERT | Kimsuky | - | - |
| SectorA05 | NSHC | Kimsuky | 2019-01-10 | 2025-03-17 |
| SeedpuNK | S2W | Kimsuky | 2024-10-02 | 2024-10-02 |
| SharpTongue | Volexity | Kimsuky | 2022-07-28 | 2023-10-05 |
| SparklingPisces | PaloaltoNetworks | Kimsuky | 2024-09-09 | 2024-09-26 |
| Springtail | Symantec | Kimsuky | 2024-03-20 | 2024-05-16 |
| TA408 | Proofpoint | Kimsuky | 2021-11-19 | 2021-11-19 |
| TA427 | Proofpoint | Kimsuky | 2021-11-19 | 2024-04-20 |
| TAG-46 | RecordedFuture | Kimsuky | 2024-01-10 | 2024-01-10 |
| TAG-66 | RecordedFuture | Kimsuky | 2024-01-10 | 2024-01-10 |
| Thallium | Microsoft | Kimsuky | 2019-12-30 | 2022-02-16 |
| UAT-5394 | CiscoTalos | Kimsuky | 2024-08-21 | 2024-09-02 |
| UNC1130 | Mandiant | Kimsuky | 2021-08-18 | 2022-08-18 |
| VelvetChollima | CrowdStrike | Kimsuky | 2019-02-19 | 2025-02-21 |
| puNK-004 | S2W | Kimsuky | 2025-03-13 | 2025-03-13 |