lazarusholic

Everyday is lazarus.dayβ

Kimsuky

2019-08-26, MITRE
https://attack.mitre.org/groups/G0094/
#Kimsuky #G0094

Kimsuky is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially focused on targeting South Korean government entities, think tanks, and individuals identified as experts in various fields, and expanded its operations to include the United States, Russia, Europe, and the UN. Kimsuky has focused its intelligence collection activities on foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions.[1][2][3][4][5]
Kimsuky was assessed to be responsible for the 2014 Korea Hydro & Nuclear Power Co. compromise; other notable campaigns include Operation STOLEN PENCIL (2018), Operation Kabar Cobra (2019), and Operation Smoke Screen (2019).[6][7][8]
North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name Lazarus Group instead of tracking clusters or subgroups.
|Name||Description|
|STOLEN PENCIL|
|Thallium|
|Black Banshee|
|Velvet Chollima|
|Domain||ID||Name||Use|
|Enterprise||T1098||Account Manipulation||Kimsuky has added accounts to specific groups with|
|Enterprise||T1583.001||Acquire Infrastructure: Domains||Kimsuky has …|