lazarusholic


Kimsuky's Phishing and Payload Tactics

2024-07-16, Rapid7
https://www.rapid7.com/globalassets/_pdfs/whitepaperguide/rapid7-Kimsukys-Phishing-and-Payload-Tactics_wp.pdf
rapid7-Kimsukys-Phishing-and-Payload-Tactics_wp.pdf, 7.8 MB
#Kimsuky


WHITE PAPER

Kimsuky’s Phishing and
Payload Tactics
Matthew Green - Principal Threat Analyst
Natalie Zargarov - Senior Security Researcher
Anna Širokova - Security Researcher, Threat Analytics


Contents

Executive Summary ........ 3
Delivery ................. 4
Payloads ................. 7
Conclusion ............... 16
References ............... 17



Executive Summary
The purpose of this white paper is to detail the tactics of the APT group known as
Kimsuky, in particular the capabilities it uses to target organizations and its
payload tactics. Within this paper we outline the lures used in active campaigns,
as well as the emerging payload tactics that we have observed. All TTPs detailed
within this white paper are incorporated into detection coverage across the
Rapid7 portfolio, as described in the final section.
Kimsuky operates under the administrative control of a unit within North Korea’s
Reconnaissance General Bureau (RGB). The RGB oversees this network of cyber
operatives and their activities. The data stolen by Kimsuky is shared with other
North Korean cyber actors to further the RGB’s objectives.[source]
Kimsuky is an extremely active threat actor that …