2025-02-11
Sakai
Malware made by Kimsuky, disguised as a whole-life insurance guide: 종신안내장v02_곽X환d.zip (2025.2.5)
#Kimsuky
Kimsuky
the King of the Spear-Phishing
"Kimsuky is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially focused on targeting South Korean government entities, think tanks, and individuals identified as experts in various fields, and expanded its operations to include the United States, Russia, Europe, and the UN. Kimsuky has focused its intelligence collection activities on foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions."
- MITRE, https://attack.mitre.org/groups/G0094/
"Kimsuky(also known as Velvet Chollima and Black Banshee) is a North Korean advanced persistent threat group that targets South Korean think tanks, industry, nuclear power operators, and the South Korean Ministry of Unification for espionage purposes. In recent years Kimsuky has expanded their operations to include states such as Russia, the United States, and European nations."
- Wikipedia, https://en.wikipedia.org/wiki/Kimsuky
"Who’s Kim? It’s interesting that the drop box mail accounts [email protected] and [email protected] are registered with the following “kim” names: kimsukyang(김석양 or 김숙향) and “Kim asdfa”."
- Kaspersky, https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/
"This threat actor targets South Korean think tanks, industry, nuclear power operators, and the Ministry of Unification for espionage purposes."
- malpedia, https://malpedia.caad.fkie.fraunhofer.de/actor/kimsuky
"(Kaspersky) For several months, we have been monitoring an ongoing cyber-espionage campaign against South Korean think-tanks. There are multiple reasons why this campaign is extraordinary in its execution and logistics. It all started one day when we encountered a somewhat unsophisticated spy program that communicated with its “master” via a public e-mail server. This approach is rather inherent to many amateur virus-writers and these malware attacks are mostly ignored."
- ETDA, https://apt.etda.or.th/cgi-bin/showcard.cgi?u=5e3544bf-98ad-4e9f-b65e-85f05c36486f
"Kimsuky is a threat group from North Korea that has been active since at least September 2013. Its attacks are aimed mainly at South Korea, across sectors including defense, education, energy, government, healthcare, and think tanks, with the theft of confidential information as its primary goal. The group is believed to be linked to the 2014 attack on Korea Hydro & Nuclear Power (KHNP). It typically delivers malware through social engineering, spear-phishing emails, and watering-hole attacks, and possesses a fully featured arsenal of malicious code."
- RedQueen, https://redqueen.tj-un.com/threatOrganizationDetails.html?id=2c91828270577791017065a236c30000
"Kimsuky Threat Actor Intelligence Profile"
- Cybergeist, https://cybergeist.io/profile/kimsuky
Also known as
Name | Named by | AKA | First seen | Last seen |
---|---|---|---|---|
APT-C-55 | Qihoo360 | Kimsuky | 2021-11-19 | 2025-02-11 |
APT-Q-2 | Qianxin | Kimsuky | 2022-03-23 | 2024-06-20 |
APT43 | Mandiant | Kimsuky | 2023-03-28 | 2025-01-29 |
ARCHIPELAGO | - | APT43 | 2023-04-05 | 2023-04-05 |
BlackBanshee | PWC | Kimsuky | 2020-02-18 | 2022-04-29 |
Cerium | Microsoft | Kimsuky | 2021-10-07 | 2022-11-07 |
CloudDragon | TeamT5 | Kimsuky | 2021-05-07 | 2023-05-12 |
DarkPeony | NTTSecurity | Kimsuky | 2024-06-05 | 2024-06-13 |
DarkPlum | NTTSecurity | Kimsuky | 2024-10-03 | 2024-11-19 |
EmeraldSleet | Microsoft | Thallium | 2023-04-19 | 2024-02-14 |
G0094 | MITRE | Kimsuky | 2019-08-26 | 2019-08-26 |
ITG16 | IBM | Kimsuky | - | - |
KTA082 | Kroll | Kimsuky | 2024-03-05 | 2024-03-05 |
KimDragon | TeamT5 | Kimsuky | 2021-05-07 | 2021-05-07 |
Kimsuky | Kaspersky | - | 2013-09-11 | 2025-02-11 |
NNPTGroup | SelfGiven | Kimsuky | 2014-12-15 | 2015-04-02 |
NickelKimball | SecureWorks | Kimsuky | - | 2024-10-08 |
Phisherman | KRCERT | Kimsuky | 2020-02-29 | - |
RGB-D5 | IssuemakersLab | Kimsuky | 2020-04-08 | 2020-12-24 |
RedKim | KRCERT | Kimsuky | - | - |
RubySleet | Microsoft | Cerium | 2023-04-19 | 2024-11-22 |
SectorA05 | NSHC | Kimsuky | 2019-01-10 | 2025-02-06 |
SeedpuNK | S2W | Kimsuky | 2024-10-02 | 2024-10-02 |
SharpTongue | Volexity | Kimsuky | 2022-07-28 | 2023-10-05 |
SparklingPisces | PaloaltoNetworks | Kimsuky | 2024-09-09 | 2024-09-26 |
Springtail | Symantec | Kimsuky | 2024-03-20 | 2024-05-16 |
TA408 | Proofpoint | Kimsuky | 2021-11-19 | 2021-11-19 |
TA427 | Proofpoint | Kimsuky | 2021-11-19 | 2024-04-20 |
TAG-46 | RecordedFuture | Kimsuky | 2024-01-10 | 2024-01-10 |
TAG-66 | RecordedFuture | Kimsuky | 2024-01-10 | 2024-01-10 |
Thallium | Microsoft | Kimsuky | 2019-12-30 | 2022-02-16 |
UAT-5394 | CiscoTalos | Kimsuky | 2024-08-21 | 2024-09-02 |
UNC1130 | Mandiant | Kimsuky | 2021-08-18 | 2022-08-18 |
UNC1873 | Mandiant | APT43 | 2023-03-28 | 2023-03-28 |
UNC3782 | Mandiant | APT43 | 2023-04-20 | 2023-04-20 |
UNC4469 | Mandiant | APT43 | 2023-04-20 | 2023-04-20 |
VelvetChollima | CrowdStrike | Kimsuky | 2019-02-19 | 2024-12-13 |
WhoamI | SelfGiven | NNPTGroup | 2014-12-15 | 2015-04-02 |
Reports
2024-03-07
UN
S/2024/215 Final report of the Panel of Experts
#CyberLink #JumpCloud #Andariel #Kimsuky #BlueNoroff #ScarCruft #Alphapo #CoinsPaid #Merlin #Steadefi #Fantom #Terraport #UnoRe #HECO #HTX #OrbitBridge #Poloniex #NexusMutual #Indodax #CoinEx #bZx #Qubit #DeFiance #Bondly #Fetchai #MGNR #EasyFi #FinNexus #Eterbase #KuCoin #Cryptopia #AlgoCapital #CoinTiger #BiKi #CoinBene #Gateio #Coinrail #Bancor #Tradeio #CoinSecure #Cypherium #Taylor #Sanctions