lazarusholic

Everyday is lazarus.dayβ

Inside the Kimsuky Leak: How the “Kim” Dump Exposed North Korea’s Credential Theft Playbook

2025-09-05, Domaintools
https://dti.domaintools.com/inside-the-kimsuky-leak-how-the-kim-dump-exposed-north-koreas-credential-theft-playbook/
#APTDown #Kimsuky

Contents

Contents:
Part I: Technical Analysis
Part II: Goals Analysis
Part III: Threat Intelligence Report
Executive Summary
A rare and revealing breach attributed to a North Korean-affiliated actor, known only as “Kim” (the name given by the hackers who dumped the data), has delivered new insight into the tactics, techniques, and infrastructure of Kimsuky (APT43). The actor’s operational profile shows credential-focused intrusions against South Korean and Taiwanese networks, blended with Chinese-language tooling, infrastructure, and possible logistical support. The “Kim” dump, which includes bash histories, phishing domains, OCR workflows, compiled stagers, and rootkit evidence, reflects a hybrid operation sitting between DPRK attribution and the use of Chinese resources.
This report is broken down into three parts:
- Technical Analysis of the dump materials
- Motivation and Goals of the APT actor (group)
- A CTI report section for analysts
While this leak only gives a partial idea of what the Kimsuky/PRC …

IoC (indicators as extracted from the article; the list mixes RFC 1918 private ranges, public services such as baidu.com and gitee.com, and domains of organisations referenced in the dump together with suspected attacker infrastructure, so triage each entry before blocking)

http://baidu.com
http://192.168.0.0/16
http://html-load.com
http://caa.org.tw/.git/
http://zhihu.com
http://mofa.go.kr
http://122.114.233.77
http://118.163.30.45
http://218.92.0.210
http://mlogin.mdfapps.com
http://dtc-tpe.com.tw
http://192.168.130.117
http://koala-app.com
http://163.29.3.119
http://23.95.213.210
http://spo.go.kr
http://59.125.159.81
http://gva.gpki.go.kr
http://118.163.30.46
http://tw.systexcloud.com
http://163.29.3.0/24
http://dcc.mil.kr
http://192.168.150.117
http://ivs.gpki.go.kr
http://webcloud-notice.com
http://gitee.com
http://192.168.0.39
http://caa.org.tw
http://59.125.159.254
http://59.125.159.0
http://wuzak.com
http://nid-security.com
192.168.0.0
59.125.159.81
192.168.150.117
218.92.0.210
118.163.30.46
122.114.233.77
192.168.0.39
23.95.213.210
59.125.159.0
192.168.130.117
163.29.3.0
118.163.30.45
163.29.3.119
59.125.159.254
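The extracted list above mixes URLs, bare IPs, CIDR blocks, private address space and well-known public services, and the same host appears both as a URL and as a bare IP. The following added example (not code from the DomainTools report or the lazarusholic page) normalises such a list and sorts it into buckets so that private ranges and public services are separated from entries worth hunting on. The sample input is a subset of the list on this page; the PUBLIC_SERVICES set is an assumption about which entries are tooling or download noise rather than attacker infrastructure.

```python
"""Normalise and triage an auto-extracted IoC list.

Added example; not part of the original report. The subset below is taken
from the IoC list on this page.
"""
import ipaddress

RAW_IOCS = [
    "http://baidu.com",
    "http://192.168.0.0/16",
    "http://html-load.com",
    "http://caa.org.tw/.git/",
    "http://122.114.233.77",
    "http://163.29.3.0/24",
    "http://gva.gpki.go.kr",
    "http://nid-security.com",
    "192.168.0.0",
    "122.114.233.77",
    "218.92.0.210",
]

# Assumption: these public services show up in bash histories as tooling or
# download sources, not as attacker-controlled infrastructure.
PUBLIC_SERVICES = {"baidu.com", "zhihu.com", "gitee.com"}


def _strip_scheme(entry):
    """Drop an http:// or https:// prefix, leaving host[/path] or a CIDR."""
    for scheme in ("http://", "https://"):
        if entry.startswith(scheme):
            return entry[len(scheme):]
    return entry


def classify(entry):
    """Classify one raw indicator string.

    Returns (kind, value) where value is the normalised host, address or
    network and kind is one of: private-range, network, private-ip, ip,
    public-service, domain.
    """
    body = _strip_scheme(entry.strip()).rstrip("/")
    if "/" in body:
        # Either a CIDR block (192.168.0.0/16) or a URL with a path
        # (caa.org.tw/.git); ip_network decides which.
        head = body.split("/", 1)[0]
        try:
            net = ipaddress.ip_network(body, strict=False)
        except ValueError:
            net = None
        if net is not None:
            return ("private-range" if net.is_private else "network", str(net))
        body = head  # URL: keep only the host part
    try:
        addr = ipaddress.ip_address(body)
    except ValueError:
        addr = None
    if addr is not None:
        return ("private-ip" if addr.is_private else "ip", str(addr))
    host = body.lower()
    if host in PUBLIC_SERVICES:
        return ("public-service", host)
    return ("domain", host)


def triage(entries):
    """Group unique, normalised indicators by kind (duplicates collapse)."""
    buckets = {}
    for entry in entries:
        kind, value = classify(entry)
        buckets.setdefault(kind, set()).add(value)
    return {kind: sorted(values) for kind, values in buckets.items()}


def candidates(entries):
    """Entries left after dropping private address space and public services.

    These still need manual review: an extracted list does not distinguish
    attacker infrastructure from victim hosts referenced in the dump.
    """
    noise = {"private-range", "private-ip", "public-service"}
    return sorted({value for kind, value in map(classify, entries) if kind not in noise})


if __name__ == "__main__":
    for kind, values in sorted(triage(RAW_IOCS).items()):
        print(f"{kind:15s} {', '.join(values)}")
    print("candidates:", candidates(RAW_IOCS))
```

Run it and the private /16, the bare 192.168.0.0 and baidu.com land in their own buckets, while the URL and bare-IP forms of 122.114.233.77 collapse into a single entry.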