Go-ing Arsenal: A Closer Look at Kimsuky’s Go Strategic Advancement
[VirusBulletin 2024] Go-ing Arsenal: A Closer Look at Kimsuky’s Go Strategic Advancement
Author: Jiho Kim | S2W TALON
Executive Summary
The North Korean APT group Kimsuky (a.k.a. Emerald Sleet, APT43, Springtail) has been active since at least 2013, initially targeting government ministries in South Korea, but has since conducted attacks against targets engaged in media, research, politics, and diplomacy around the world. The group primarily uses spear phishing attacks to distribute malware and to attempt account takeovers in order to harvest data. The group has primarily targeted Windows environments, but there have been instances of attacks on Android.
Talon, the threat research and intelligence center of S2W, has continuously tracked the activities of the Kimsuky group and discovered additional samples like the previously known AppleSeed. We named them AlphaSeed, Troll Stealer and GoBear.
In February 2024, S2W disclosed a Kimsuky group attack campaign that exhibited a different pattern from previous ones. This campaign employed novel techniques, such as disguising …