Updated on 2022-12-29
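The Kimsuky APT group is behind a phishing attack that targeted nearly 900 foreign policy experts from South Korea. The attack was intended to steal their personal information and later execute ransomware attacks. Read more: 기자·국회의원실등 사칭 전자우편 발송사건, 북 해킹조직 소행으로 확인 (English: "Emails impersonating reporters, National Assembly members' offices and others confirmed to be the work of a North Korean hacking group")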
Updated on 2022-12-14: When Asking Nicely Is Easier Than Hacking
Instead of having to pilfer intelligence, North Korean spies are simply asking nicely. By posing as researchers or academics, the Thallium or Kimsuky group engages with political and foreign affairs experts to gather intelligence. Reuters writes “in some cases, the attackers have commissioned papers, and analysts had provided full reports or manuscript reviews before realising” they were being duped. Read more: North Korean cyber spies deploy new tactic: tricking foreign experts into writing research for them
Updated on 2022-12-13: Thallium/Kimsuky APT
Members of the Thallium (Kimsuky) North Korean cyber-espionage group have been impersonating think tank members to reach out to political and foreign affairs analysts in order to ask for feedback and commission papers on various North Korean policy topics. Experts believe the hacking group is trying to assess how various governments, both in the West and across Asia, might respond to various North Korean actions. Read more: North Korean cyber spies deploy new tactic: tricking foreign experts into writing research for them
Updated on 2022-12-07
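Chinese security firm QiAnXin has a report out on a recent surge in attacks from the Kimsuky APT in light of a recent US-South Korea joint military exercise. Read more: 来自Kimsuky组织的突刺:多种攻击武器针对韩国的定向猎杀 (English: "A thrust from the Kimsuky group: targeted hunting of South Korea with multiple attack weapons")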
Updated on 2022-11-29
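Qihoo 360 has published a report on the Kimsuky APT and its recent campaigns employing the BabyShark malware. Read more: APT-C-55(Kimsuky)组织以IBM公司安全产品为诱饵的攻击活动分析 (English: "Analysis of attack activity by the APT-C-55 (Kimsuky) group using IBM security products as a lure")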
Updated on 2022-10-28
AhnLab documented a phishing campaign carried out by the Kimsuky North Korean APT targeting various companies working in the nuclear power plant sector. The final payload in these attacks was the AppleSeed malware. Read more: 원자력 발전소 관련 기업 대상으로 AppleSeed 유포 (English: "AppleSeed distributed to companies related to nuclear power plants")
Updated on 2022-10-27
The North Korea-based Kimsuky APT group was found leveraging three different Android malware variants—FastSpy, FastFire, and FastViewer—to target South Korea. Read more: Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans
Updated on 2022-10-26: Kimsuky’s Android arsenal
South Korean cybersecurity firm S2W Talon published a report on FastFire, FastViewer, and FastSpy, three Android malware strains they linked to Kimsuky, one of North Korea's state-sponsored hacking groups. Read more: Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware
AppleSeed
South Korean security firm AhnLab has found copies of AppleSeed, a malware strain linked to the Kimsuky APT, being spread as router firmware updates.