Tracking ‘Kimsuky’, the North Korea-based cyber espionage group: Part 2
09 March, 2020
In 2019, PwC observed an increase in activity by North Korea-based threat actor Black Banshee, also known as ‘Kimsuky’.
In our previous blog, we examined some of the tradecraft exhibited by Black Banshee in its infrastructure setup. We discussed the threat actor’s reliance on certain IP ranges and domains, as well as its naming conventions for malicious domains and command and control server paths.
In this article we look at how the threat actor’s 2019 campaigns (even those continuing into 2020) can be broadly grouped into three main “clusters” – and how all these, in turn, are complementary to its overarching strategic objectives in the context of current international relations.
Investigating Black Banshee’s 2019 activity, and the infrastructure patterns emerging across different campaigns and connecting them, we identified a number of activity “clusters”. Such clusters of campaigns and operations – identified based on our own datasets as well as excellent open …