Thallium Kimsuky APT Asking Nicely

Updated on 2022-12-29

The Kimsuky APT group is behind a phishing attack that targeted nearly 900 foreign policy experts from South Korea. The attack was intended to steal their personal information and later execute ransomware attacks. Read more: Case of e-mails impersonating reporters, National Assembly members' offices and others confirmed to be the work of a North Korean hacking group

Updated on 2022-12-14: When Asking Nicely Is Easier Than Hacking

Instead of having to pilfer intelligence, North Korean spies are simply asking nicely. By posing as researchers or academics, the Thallium or Kimsuky group engages with political and foreign affairs experts to gather intelligence. Reuters writes “in some cases, the attackers have commissioned papers, and analysts had provided full reports or manuscript reviews before realising” they were being duped. Read more: North Korean cyber spies deploy new tactic: tricking foreign experts into writing research for them

Updated on 2022-12-13: Thallium/Kimsuky APT

Members of the Thallium (Kimsuky) North Korean cyber-espionage group have been impersonating think tank members to reach out to political and foreign affairs analysts in order to ask for feedback and commission papers on various North Korean policy topics. Experts believe the hacking group is trying to assess how various governments, both in the West and across Asia, might respond to various North Korean actions. Read more: North Korean cyber spies deploy new tactic: tricking foreign experts into writing research for them

Updated on 2022-12-07

Chinese security firm QiAnXin has a report out on a recent surge in attacks from the Kimsuky APT in light of a recent US-South Korea joint military exercise. Read more: A thrust from the Kimsuky group: targeted hunting of South Korea with multiple attack weapons

Updated on 2022-11-29

Qihoo 360 has published a report on the Kimsuky APT and its recent campaigns employing the BabyShark malware. Read more: Analysis of an APT-C-55 (Kimsuky) attack campaign using IBM security products as a lure

Updated on 2022-10-28

AhnLab documented a phishing campaign carried out by the Kimsuky North Korean APT targeting various companies working in the nuclear power plant sector. The final payload in these attacks was the AppleSeed malware. Read more: AppleSeed distributed to companies related to nuclear power plants

Updated on 2022-10-27

North Korea-based Kimsuky APT group was found leveraging three different Android malware variants—FastSpy, FastFire, and FastViewer—to target South Korea. Read more: Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans

Updated on 2022-10-26: Kimsuky’s Android arsenal

South Korean cybersecurity firm S2W Talon published a report on FastFire, FastViewer, and FastSpy, three Android malware strains they linked to Kimsuky, one of North Korea's state-sponsored hacking groups. Read more: Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware


South Korean security firm AhnLab has found copies of AppleSeed, a malware strain linked to the Kimsuky APT, being spread as router firmware updates.

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two children.