Kimsuky: Infamous Threat Actor Churns Out More Advanced Malware
Authors: Nico Chiaravio & Gianluca Braga
The Hacker News recently published a story that discusses a joint communication among the German intelligence apparatus, the Federal Office for the Protection of the Constitution (BfV), and South Korea’s National Intelligence Service (NIS), warning readers about new tactics used by a North Korean threat actor called Kimsuky.
This actor, also known as Thallium and APT37, has been active since 2012 and has run several campaigns using a range of techniques, from watering hole attacks to spear phishing and malware campaigns aimed at different platforms, including Android and Chromium-based browsers. These techniques have enabled the threat actor to access financial, personal, and client data. The group has been observed targeting Korean and German entities, and its main goal is believed to be government employees, the military, manufacturing, academia, and think tanks focused on global diplomacy and security.
Kimsuky attacks demonstrate the level of coordination and sophistication involving a multi-step chain to …
IoC
04bb7e1a0b4f830ed7d1377a394bc717
23.102.122.16
3458daa0dffdc3fbb5c931f25d7a1ec0
89f97e1d68e274b03bc40f6e06e2ba9a
http://23.102.122.16
http://gonamod.com
http://lowerp.onlinewebshop.net
http://mc.pzs.kr
http://navernnail.com
http://siekis.com
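The indicators above are only useful once they are matched against your own telemetry. The following script is an added example, not code from the article or from the BfV/NIS advisory: it loads the hashes (32 hex characters, i.e. MD5-length) and network indicators listed in the IoC section, then sweeps two constructed data sets, a handful of made-up proxy log lines and a made-up file-hash inventory. Host matching is done on the parsed hostname rather than by substring, so a subdomain of an indicator domain is flagged while a look-alike such as `navernnail.com.evil-lookalike.test` (a constructed name) is not. The log format and file paths are assumptions for the example.

```python
"""Sweep constructed proxy logs and file hashes against the Kimsuky IoCs listed above.

Added example; the log format, sample lines and file paths are assumptions, not data
from the article.
"""
from urllib.parse import urlparse

# Hash indicators copied from the article's IoC list (32 hex chars = MD5 length).
IOC_HASHES = {
    "04bb7e1a0b4f830ed7d1377a394bc717",
    "3458daa0dffdc3fbb5c931f25d7a1ec0",
    "89f97e1d68e274b03bc40f6e06e2ba9a",
}

# Network indicators copied from the article's IoC list, reduced to their hosts.
IOC_HOSTS = {
    "23.102.122.16",
    "gonamod.com",
    "lowerp.onlinewebshop.net",
    "mc.pzs.kr",
    "navernnail.com",
    "siekis.com",
}

# Constructed proxy log lines: "<timestamp> <client> <method> <url> <status>".
PROXY_LOGS = [
    "2024-03-20T10:01:02Z 10.0.0.5 GET http://www.gonamod.com/update.php 200",
    "2024-03-20T10:01:07Z 10.0.0.5 GET http://23.102.122.16/index.html 200",
    "2024-03-20T10:02:13Z 10.0.0.9 GET https://example.org/ 200",
    "2024-03-20T10:03:44Z 10.0.0.9 GET http://navernnail.com.evil-lookalike.test/ 200",
]

# Constructed file inventory: (path, MD5). The first hash is from the IoC list,
# the second is a made-up value that should not match.
FILE_HASHES = [
    ("C:\\Users\\u\\AppData\\Local\\Temp\\doc.scr", "3458DAA0DFFDC3FBB5C931F25D7A1EC0"),
    ("C:\\Windows\\System32\\notepad.exe", "0123456789abcdef0123456789abcdef"),
]


def host_of(value):
    """Return the lowercase hostname of a URL, or of a bare host/IP string."""
    value = value.strip().lower()
    if "://" not in value:          # bare host or IP, as in the IoC list
        value = "http://" + value
    return urlparse(value).hostname or ""


def matching_host_ioc(host):
    """Return the indicator that host equals or is a subdomain of, else None.

    Comparing on label boundaries avoids flagging look-alikes such as
    navernnail.com.evil-lookalike.test while still catching www.gonamod.com.
    """
    host = host.lower().rstrip(".")
    for ioc in IOC_HOSTS:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def sweep_proxy_logs(lines):
    """Return (client, url, indicator) for every log line whose URL host matches an IoC."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue                # malformed line, skip
        url = parts[3]
        ioc = matching_host_ioc(host_of(url))
        if ioc:
            hits.append((parts[1], url, ioc))
    return hits


def sweep_file_hashes(entries):
    """Return (path, md5) for every inventory entry whose hash is an IoC (case-insensitive)."""
    return [(path, h.lower()) for path, h in entries if h.lower() in IOC_HASHES]


if __name__ == "__main__":
    for client, url, ioc in sweep_proxy_logs(PROXY_LOGS):
        print(f"network hit: {client} -> {url} (indicator {ioc})")
    for path, md5 in sweep_file_hashes(FILE_HASHES):
        print(f"file hit: {path} md5={md5}")
```

Hash comparison is case-insensitive because inventory tools differ in how they print hex; network comparison is on the parsed host so that both the bare IP and the `http://` form of the same indicator resolve to one entry.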