Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence
Executive Summary
- SentinelLabs has been tracking a social engineering campaign by the North Korean APT group Kimsuky targeting experts in North Korean affairs, part of a broader campaign discussed in a recent NSA advisory.
- The campaign has the objective of stealing Google and subscription credentials of a reputable news and analysis service focusing on North Korea, as well as delivering reconnaissance malware.
- Kimsuky engages in extensive email correspondence and uses spoofed URLs, websites imitating legitimate web platforms, and Office documents weaponized with the ReconShark malware.
- This activity indicates Kimsuky’s growing dedication to social engineering and highlights the group’s increasing interest in gathering strategic intelligence.
Overview
In collaboration with NK News, a leading subscription-based service that provides news and analyses about North Korea, SentinelLabs has been tracking a targeted social engineering campaign against experts in North Korean affairs from the non-government sector. The campaign focuses on theft of email credentials, delivery of reconnaissance …
IoC