lazarusholic

Everyday is lazarus.dayβ

Analysis of Kimsuky's latest attacks on South Korea abusing GitHub as attack infrastructure

2025-06-19, ENKI
https://www.enki.co.kr/media-center/blog/dissecting-kimsuky-s-attacks-on-south-korea-in-depth-analysis-of-github-based-malicious-infrastructure
#Kimsuky #XenoRAT

Contents

Threat Intelligence
ENKI WhiteHat
2025. 6. 19.
Summary
We identified a sophisticated spear-phishing campaign that abuses GitHub as attack infrastructure to deliver malware.
The malware reaches a private repository using a hard-coded GitHub PAT (Personal Access Token).
Logs stored in that private repository expose the IP addresses the attacker used while testing.
Analysis of the XenoRAT C&C server used in the attack ties it to the North Korea-backed threat group Kimsuky.
1. Overview
While analysing malware spotted on X, we identified a GitHub account that has been abused in attacks since March 2025.
The malware carried a valid, hard-coded GitHub PAT belonging to the attacker; with this token it downloaded malware from a private repository and uploaded information collected from victim systems back to a private repository.
The files in the repository turned out to be malware, decoy files and data about infected systems, confirming that the attacker was using GitHub as attack infrastructure.
This post walks through how the attack infrastructure was identified, analyses the attack flow, and discusses the connection to the North Korea-backed group Kimsuky.
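The summary and overview above describe the key detail an analyst wants to pull out of such a sample quickly: a hard-coded GitHub token and the repository it is paired with, since that combination is what lets the sample fetch a stage and push collected data with no server of its own. The following triage helper is an added example for this page, not code from the ENKI post or from the malware it describes. It assumes GitHub's published token shapes (a 4-character prefix such as ghp_ plus 36 base62 characters for classic tokens, github_pat_ plus 82 characters for fine-grained tokens) and the Contents API URL form; the SAMPLE_STRINGS blob, the example-owner/example-repo names and every token value in it are constructed for the example and are not real indicators or credentials.

```python
"""Triage helper for samples that embed GitHub credentials (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Classic tokens: prefix (ghp_/gho_/ghu_/ghs_/ghr_) + 36 base62 characters.
CLASSIC_TOKEN_RE = re.compile(rb"\b(gh[pousr]_[A-Za-z0-9]{36})\b")
# Fine-grained tokens: github_pat_ + 82 characters (93 characters in total).
FINE_GRAINED_RE = re.compile(rb"\b(github_pat_[A-Za-z0-9_]{82})\b")
# The Contents API is how a script GETs (downloads) or PUTs (uploads) a file in a
# repository, private ones included, once it holds a token. The path stops at
# control characters so NUL-separated strings from a binary do not run together.
CONTENTS_API_RE = re.compile(
    rb"https?://api\.github\.com/repos/([A-Za-z0-9_.-]+)/([A-Za-z0-9_.-]+)"
    rb"/contents/([^\x00-\x20\"'<>]*)"
)


@dataclass(frozen=True)
class TokenFinding:
    kind: str       # "classic_pat" or "fine_grained_pat"
    token: str
    offset: int


@dataclass(frozen=True)
class RepoReference:
    owner: str
    repo: str
    path: str
    offset: int


def find_github_tokens(blob: bytes) -> List[TokenFinding]:
    """Return every GitHub token-shaped string in the blob, ordered by offset."""
    found = []
    for kind, pattern in (("classic_pat", CLASSIC_TOKEN_RE),
                          ("fine_grained_pat", FINE_GRAINED_RE)):
        for m in pattern.finditer(blob):
            found.append(TokenFinding(kind, m.group(1).decode("ascii"), m.start(1)))
    return sorted(found, key=lambda f: f.offset)


def find_repo_references(blob: bytes) -> List[RepoReference]:
    """Return every Contents API URL in the blob, split into owner/repo/path."""
    refs = []
    for m in CONTENTS_API_RE.finditer(blob):
        owner, repo, path = (g.decode("ascii", "replace") for g in m.groups())
        refs.append(RepoReference(owner, repo, path, m.start()))
    return refs


def redact_token(token: str) -> str:
    """Keep the prefix and the last four characters so a report can cite the
    token without reproducing a usable credential."""
    head = "github_pat_" if token.startswith("github_pat_") else token[:4]
    return head + "..." + token[-4:]


def triage(blob: bytes) -> Dict[str, object]:
    """Summarise what the sample can reach on GitHub: the tokens it carries
    (redacted) and the repositories and paths it touches."""
    tokens = find_github_tokens(blob)
    refs = find_repo_references(blob)
    return {
        "tokens": [f"{t.kind}:{redact_token(t.token)}" for t in tokens],
        "repositories": sorted({f"{r.owner}/{r.repo}" for r in refs}),
        "paths": [r.path for r in refs],
        # Token + Contents API URL is the pairing that turns a repository into
        # a download and upload channel for the sample.
        "github_used_as_c2": bool(tokens) and bool(refs),
    }


# Constructed stand-in for `strings` output from a sample; not real indicators.
SAMPLE_STRINGS = (
    b"Authorization: token ghp_1234567890abcdefghijklmnopqrstuvwxyz\x00"
    b"https://api.github.com/repos/example-owner/example-repo/contents/stage/update.dat\x00"
    b"https://api.github.com/repos/example-owner/example-repo/contents/logs/%COMPUTERNAME%.txt\x00"
    b"github_pat_11ABCDEFG0abcdefghijkl_"
    b"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW\x00"
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE_STRINGS).items():
        print(f"{key}: {value}")
```

A token-shaped string is not proof that the token is still valid or that it has the scopes the sample needs; confirming that means authenticating to GitHub with a credential the attacker controls, which is an interaction with their infrastructure and belongs under an agreed process, with the token reported to GitHub rather than reused. Note also that the upload path with a host-name placeholder is the pattern to look for when the repository is being used as the exfiltration drop, as described above.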
2. …

IoC

https://dl.dropboxusercontent.com/scl/fi/hpv3jd8o9annkala8vskb/hhopp.rtf?rlkey=nmwknu8l1ormxcmvo77ehhwr8&st=y99kquph&dl=0
http://80.71.157.55
https://dl.dropboxusercontent.com/scl/fi/3z2lxx1aor5g82e86c6ru/panel.rtf?rlkey=zaafvohxvwgvnfv383oe1vmt5&st=umtc7teu&dl=0
http://10.7.185.68
https://dl.dropboxusercontent.com/scl/fi/bifls0sn1nx1b52adydyn/tt7024.rtf?rlkey=le9xhv7v9clh9sof5787wl3da&st=rz6k0vgl&dl=0
https://dl.dropboxusercontent.com/scl/fi/okglg167i8kuwna1m2lxm/bie70er.rtf?rlkey=473ofwk5bcqsehgyw4dxs2ibv&st=ecned2g2&dl=0
http://158.247.202.109
http://101.36.114.190
http://165.154.78.9:443
https://raw.githubusercontent.com/luckmask/asp/main/xxx.rtf
http://165.154.78.9
http://192.168.35.35
https://dl.dropboxusercontent.com/scl/fi/ti6rphsns0xsvx1ekb02f/bie70er.rtf?rlkey=ug5wa6p2tzyq9rukv51dx4ity&st=hpuv2uwd&dl=0
http://10.33.77.174
http://158.247.230.196
http://141.164.41.17
http://216.244.74.115
http://118.194.249.201
https://dl.dropboxusercontent.com/scl/fi/c6ba7iwuke57d75j3mmte/eula.rtf$dropboxBaseUrl?rlkey=t0jnirhxk48xdu8p74rqgv9dw&st=oofgjsq8&dl=0
http://216.244.74.115:80
https://dl.dropboxusercontent.com/scl/fi/67j5162v19rtngxkexau5/bie70er.rtf?rlkey=2kdy91rrcugaueif7aucd8b0d&st=mflxxjq7&dl=0
http://139.99.36.158
http://45.61.161.103
https://dl.dropboxusercontent.com/scl/fi/nanwt6elsuxziz05hnlt4/cjfansgmlans1-x.txt?rlkey=l6gzro1rswkqbk6tinxnkuylv&st=iv78c1cg&dl=0
https://raw.githubusercontent.com/Dasi274/star/main/xxx.rtf
https://dl.dropboxusercontent.com/scl/fi/bqicute746gcts2utf903/pong_race.rtf?rlkey=53r0g9f69khan7zkgzkc9ox90&st=nry1hb3s&dl=0
https://dl.dropboxusercontent.com/scl/fi/c6ba7iwuke57d75j3mmte/eula.rtf?rlkey=t0jnirhxk48xd8p74rqgv9dw&st=oofgjsq8&dl=0
http://158.247.202.109/invoice/?wreply=&m=https%3a%2f%2fnid.naver[.]com%2fnidlogin[.]login%3furl%3dhttp%253a%252f%252fmail.naver[.]com%252f
http://158.247.230.196:443
http://158.247.253.215
192.168.35.35
158.247.230.196
216.244.74.115
45.61.161.103
118.194.249.201
101.36.114.190
10.7.185.68
165.154.78.9
139.99.36.158
158.247.202.109
80.71.157.55
10.33.77.174
158.247.253.215
141.164.41.17
[email protected]
b36159563452d9a837a5e566ad2a1e44
a56edfef94008c77abfb4e151df934d9
57015267d06b0d80721015ccd29a04cd
5e9a80d3d4f71ecd8bf8e579a5e2449c
1dee4c60fffcc80eb4bbd523eedab2f4
157d1b1798f0f370a95125253e039c18
baf164d2a5066cab5772dc6ae4807f43
8c84d7f559cf0947fbf1981a0acb8a35
85f5075610661c9706571a33548d7585
a87659641e00d724de5662b14fe142e8
af999c3c615b56691d75e8c877e185fb
f692c1dd797f68c34744a377482c4ed4
7df07ecb0b516df085a5ee95ed8e6560
b77e4e9f5897f00dcbd08b2ee9bde7e8
976ad041832082f2d304df12b61457cb
b13ffe7b8e351291250f1a3a855134aa
b99c1d9bf70be5172a8b36b098c67ee5
522a122f3cd4c488a51d81c846bfabbb
acd2d728ee4d1110521524c1eac6204e
f51a2ccb4b9b2bf163c81b525bfac08e
a9d80e7fe3f217ea4d33f8a4a0f3f73c
6cbc007799b56682ac196e44d79e496d
d0a8cd7584547bdb2959f0d1008e6871
5be0527f5c84208371761cee852f0d7c
c2f88038d431bb190454fae02225e639
0cb6e67f23ccebc3727f755be5140497
1808bd4919c5943096a4a19784d6b8de
5076c579e378f976a57e862e5b6a7859
10ce9409d8d1e72ea6439bec7cd7e4cd
74b1d5f857a4245aef8189ac4f409a99
30d5f17d5e3f85be18220a7cab0b9fff
45ed6abfc12be606bdbcfe76bd17b2af
8c561a53085651d7f47b24129c2cd2d0