Dissecting new AppleSeed backdoor of Kimsuky threat actor
Telsy analyzed the cyber espionage group known as Kimsuky in a particular spear phishing campaign.
Introduction
The Telsy Threat Intelligence team tracks various threat actors, among them the cyber espionage group known as Kimsuky (aka Velvet Chollima, Black Banshee and Thallium), which has been active since at least 2012 and is believed to be operating on behalf of the North Korean regime.
The group has a rich and notorious history of offensive cyber operations around the world, including operations targeting South Korean think tanks, but over the past few years they have expanded their targeting to countries including the United States, Russia and various nations in Europe.
Kimsuky uses various spear phishing and social engineering methods to obtain Initial Access to victim networks. Spear phishing with a malicious attachment embedded in the email is the most observed Kimsuky tactic.
The structure of the last dropped file (AppleSeed backdoor) and TTPs used in these recent activities …