Kimsuky
Country: Democratic People's Republic of Korea (DPRK)
Organization: Reconnaissance General Bureau (RGB)
Objective: Espionage, Cryptocurrency Theft
(Page last updated January 20, 2025)
Aliases:
- APT43 (Mandiant)
- APT-C-55 (Qihoo 360)
- ARCHIPELAGO (Google TAG)
- Black Banshee (PwC)
- Emerald Sleet (Microsoft)
- ITG16 (IBM)
- Kimsuky (ASEC, CISA, Cisco, Cybereason, Cyfirma, ESTsecurity, ETDA, Genians, Hunt.io, JPCERT/CC, Lazarusholic, Kaspersky, Malpedia, Malwarebytes, MITRE, Rapid7, S2W, Securonix, SentinelOne, Wikipedia, Zscaler)
- KTA082 (Kroll)
- NICKEL KIMBALL (Secureworks)
- SharpTongue (Volexity)
- Sparkling Pisces (Unit 42)
- Springtail (Symantec)
- TA406 (Proofpoint)
- TA427 (Proofpoint)
- THALLIUM (formerly used by Microsoft)
- Velvet Chollima (CrowdStrike, Rapid7)
Links to Other Groups
- Konni (ESTsecurity)
- Lazarus Group (ESTsecurity)
Vulnerabilities Exploited
- CVE-2024-1709 (10.0 critical, in CISA's KEV Catalog) ConnectWise ScreenConnect Authentication Bypass Vulnerability. Source: Kroll
The following seven vulnerabilities have the same source: Cyfirma
- CVE-2024-21338 (7.8 high, in CISA's KEV Catalog) Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability
- CVE-2021-44228 (10.0 critical, in CISA's KEV Catalog) Apache Log4j2 Remote Code Execution Vulnerability (aka Log4Shell).
- CVE-2017-17215 …