Analyst’s Note — Kimsuky
The threat actor known as Kimsuky, also referred to as Emerald Sleet, has been observed targeting a United States-based think tank. The target received an invitation, sent to their personal email address, to a meeting with the Embassy of Japan in Washington, D.C. The threat actor created a free Proton email account and used it to impersonate an employee of the Japanese Embassy.
The email included the impersonated embassy staff member’s benign Curriculum Vitae (CV) and encouraged the target to communicate with the attackers via WhatsApp. The target of this attack did not respond to the message or further the communication chain, so the next steps are unknown.
While the steps of this specific attack are unknown, this tactic is likely designed to initiate credential phishing or to deliver a malicious file that could start a malware infection. Due to the encrypted nature of WhatsApp and its frequent use …