From Surveillance to Espionage: Unraveling the Latest Strategies of the Kimsuky Group
Seongsu Park, Senior security researcher
ThreatLabZ / APT Research
© 2024 Zscaler, Inc. All rights reserved.
Seongsu Park
▪ Zscaler, ThreatLabZ, APT Research Team
▪ Senior security researcher
▪ Formerly Kaspersky, Global Research and Analysis Team
▪ Mostly tracking North Korean threat actors
Focus Area
▪ Investigative Research
▪ Reversing Malware
▪ Digital Forensics
▪ Threat Intelligence
North Korean Threat Actors and their clusters/subgroups
[Timeline figure; only its labels survive extraction. Actor clusters shown: Kimsuky/Emerald Sleet (BabyShark, GoldDragon, AppleSeed), APT37/ScarCruft (RokRat, Chinotto), Lazarus/Diamond Sleet (DarkSeoul), Andariel/Onyx Sleet, APT38/BlueNoroff/Sapphire Sleet. Dated milestones on the timeline: February 2016 (Bangladesh bank heist), January 2017, February 2019, August 2019, June 2020. Other milestone labels: AppleSeed.pdb, PAN Unit42, First PE Chinotto, FSI, Operation Rifle.]
Introduction of Kimsuky
Adversary
• DPRK threat actor
• Kimsuky (a.k.a. APT43, Emerald Sleet)
• First published by Kaspersky in 2013
• Behind the KHNP (Korea Hydro & Nuclear Power) attack in 2014
Victim
• Impacted countries: South Korea, Japan, USA, and others
• Target sectors: government, diplomacy, defense, think-tanks, NGOs, journalists, defectors, academia, cryptocurrency, e-commerce
Capability
• Phishing
• Timely social engineering
• Multi-stage infection
• Several malware clusters
Infrastructure
• Compromised web servers
• Free web hosting
• Commercial hosting services
• Private email services
IoC
MD5: 0315E137A6E2D658F07AF454C63A0AF2
URL: https://raw.githubusercontent.com/HelperDav/Web/main/update.xml
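The two indicators above (one MD5 and one staging URL on free web hosting, which is the "Free web hosting" item in the Infrastructure quadrant) are only useful once they are matched against telemetry. The following script is an added example, not code from the deck or from Zscaler: it canonicalises proxy-log URLs before comparing them to the IoC URL, so host casing and fragments do not cause misses, and hashes file contents against the IoC MD5. The proxy log layout (`<timestamp> <client_ip> <method> <url> <status>`), the sample log lines and the sample file bytes are all constructed for the example.

```python
"""Added example (not from the Zscaler deck): match the page's two IoCs,
one MD5 and one staging URL on raw.githubusercontent.com, against
constructed proxy-log lines and file contents.  The log format and the
sample data are assumptions made for this example."""
import hashlib
import re
from urllib.parse import urlsplit

# IoCs taken from the page. Hashes are compared in lower-case hex.
IOC_MD5 = {"0315e137a6e2d658f07af454c63a0af2"}
IOC_URLS = {"https://raw.githubusercontent.com/HelperDav/Web/main/update.xml"}


def canonical_url(url: str) -> str:
    """Lower-case the scheme and host and drop any fragment. The path is
    kept as-is because GitHub repository paths are case-sensitive."""
    p = urlsplit(url.strip())
    canon = f"{p.scheme.lower()}://{p.netloc.lower()}{p.path}"
    return canon + (f"?{p.query}" if p.query else "")


IOC_URLS_CANON = {canonical_url(u) for u in IOC_URLS}

# Assumed proxy log layout for this example:
# "<timestamp> <client_ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def find_url_hits(log_lines, ioc_urls=None):
    """Return (timestamp, client_ip, url) for each log line whose URL matches
    an IoC URL after canonicalisation. Unparseable lines are skipped."""
    wanted = IOC_URLS_CANON if ioc_urls is None else {canonical_url(u) for u in ioc_urls}
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.rstrip("\n"))
        if m and canonical_url(m["url"]) in wanted:
            hits.append((m["ts"], m["src"], m["url"]))
    return hits


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def find_hash_hits(files, ioc_md5=None):
    """files: mapping of file name -> bytes. Return the names whose MD5 is
    in the IoC set (the page's MD5 by default; any case accepted)."""
    wanted = IOC_MD5 if ioc_md5 is None else {h.lower() for h in ioc_md5}
    return sorted(name for name, data in files.items() if md5_hex(data) in wanted)


# Constructed sample input for the example (not real telemetry).
SAMPLE_LOG = [
    "2024-03-01T09:12:03Z 10.0.0.15 GET https://raw.githubusercontent.com/HelperDav/Web/main/update.xml 200",
    # Same resource with different host casing and a fragment: still a hit.
    "2024-03-01T09:12:04Z 10.0.0.15 GET https://RAW.githubusercontent.com/HelperDav/Web/main/update.xml#v2 200",
    # A different repository on the same free host: not an IoC match.
    "2024-03-01T09:13:10Z 10.0.0.22 GET https://raw.githubusercontent.com/other/repo/main/update.xml 200",
    "not a log line",
]
SAMPLE_FILES = {"benign.txt": b"just some text"}

if __name__ == "__main__":
    for ts, src, url in find_url_hits(SAMPLE_LOG):
        print(f"URL hit: {ts} {src} {url}")
    print("hash hits:", find_hash_hits(SAMPLE_FILES))
```

Two practical notes: the sample file in the block cannot reproduce the page's MD5, so `find_hash_hits` also accepts an explicit IoC set, which is how you would feed it a hash list from a feed; and a request to the raw GitHub URL that returned 404 is still worth alerting on, because the repository may have been taken down after the victim already fetched the first stage.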