lazarusholic


Exposing the Steps of the Kimsuky APT Group

2024-12-27, PicusSecurity
https://www.picussecurity.com/resource/blog/exposing-the-steps-of-the-kimsuky-apt-group
#Kimsuky #RandomQuery #GoldDragon #xRAT

Kimsuky, also known as Black Banshee, is a North Korean state-sponsored threat actor that has drawn sustained attention from the security community for its targeted and persistent espionage campaigns. Operating under the direction of the North Korean government, Kimsuky has been active since at least 2013 and specializes in intelligence gathering and information theft. Its primary targets are organizations and individuals involved in political, economic, and military affairs, above all in South Korea and in other countries with strategic interests in the Korean Peninsula. In this blog, we explain the origins of the Kimsuky APT, its notable attacks, and the adversarial behavior observed in the wild.
If you want to go straight to the tactics, techniques, and procedures used by the Kimsuky APT, supported by real-life command examples, scroll down to the respective section.
Origins …

IoC