lazarusholic

Kimsuky APT Group - Key Insights for UK Energy CISOs

2023-03-28, Bridewell
https://www.bridewell.com/insights/news/detail/bridewell-intelligence-report-kimsuky-apt-group---key-insights-for-uk-energy-cisos
#Kimsuky

Contents

The Bridewell Cyber Threat Intelligence (CTI) team is committed to providing timely and actionable intelligence for our clients and the wider cybersecurity community. Recently, we reviewed the joint cyber security advisory published on March 20th, 2023 by the German domestic intelligence agency, Bundesamt für Verfassungsschutz (BfV), and the South Korean National Intelligence Service (NIS) on the North Korean Advanced Persistent Threat (APT) group, Kimsuky. Following our in-depth analysis of the malware and its associated indicators, we are now sharing new insights specifically focused on the energy sector to help UK energy companies bolster their cyber defenses.

Background
Kimsuky, also known as Velvet Chollima, Thallium, and Black Banshee, is a North Korean APT group that has been active since at least 2012. The group's primary objective is cyber-espionage, targeting government organisations, research institutes, and think-tanks in South Korea, Japan, the United States, and Europe. Kimsuky employs a range of tactics, techniques, and procedures …

IoC
