lazarusholic

APT PROFILE – KIMSUKI

2026-01-13, Cyfirma
https://www.cyfirma.com/research/apt-profile-kimsuki/
#Kimsuky

Kimsuki, an advanced persistent threat (APT) group active since at least 2012, is suspected to be operating out of North Korea in direct support of the regime’s strategic objectives. The group’s intelligence collection priorities are closely aligned with the mission of the Reconnaissance General Bureau (RGB), North Korea’s primary foreign intelligence agency. Kimsuki possesses moderately sophisticated technical capabilities and is known for employing highly targeted social engineering tactics, especially against South Korean and U.S.-based government agencies, academics, and think tanks focused on geopolitical issues related to the Korean Peninsula. In addition to its espionage operations, Kimsuki engages in cybercriminal activities to generate revenue, helping to finance its overarching mission of acquiring strategic intelligence.
Aliases: APT43, Thallium, Velvet Chollima, Black Banshee, Emerald Sleet
Motivation: Cyber Espionage, Strategic Intelligence Collection, Credential Theft
Targeted Industries
Targeted Countries
Belgium, Bulgaria, Canada, Croatia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Lithuania, Luxembourg, Montenegro, North Macedonia, Norway, Poland, …