U.S. Shares Information on North Korean Threat Actor 'Kimsuky' (Security News, October 2020)
An alert released by the United States this week provides information on Kimsuky, a threat actor focused on gathering intelligence on behalf of the North Korean government.
The malicious cyber activity associated with the North Korean government is typically referred to as HIDDEN COBRA by the United States.
For information gathering purposes, Kimsuky targets Hangul Word Processor and Microsoft Office documents, and uses web shells for file upload, download, and deletion.
To escalate privileges, the threat actor uses scripts placed in the Startup folder, newly created services, modified file associations, and malicious code injected into explorer.
In their joint alert, CISA, the FBI and USCYBERCOM also provide information on methods Kimsuky employs for defense evasion, its use of various tools for credential harvesting, memory dumping, and system information enumeration, how system data is collected, and the targeting of macOS systems.
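For defenders, the four privilege-escalation methods listed above each leave a distinct Windows telemetry trace. The following is an added triage sketch, not code from the alert or from this article. It assumes Sysmon events 8, 11 and 13 and System log event 7045 are collected; the sample events, labels, regular expressions and function names are constructed for illustration.

```python
import re

# Constructed sample events (not from the alert). Field names follow Sysmon
# (IDs 8, 11, 13) and the Windows System log (ID 7045).
EVENTS = [
    {"id": 11, "Image": r"C:\Windows\System32\wscript.exe", "TargetFilename":
     r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.vbs"},
    {"id": 7045, "ServiceName": "ExampleSvc",
     "ImagePath": r"C:\Users\alice\AppData\Local\Temp\svc.exe"},
    {"id": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKCR\txtfile\shell\open\command\(Default)",
     "Details": r"C:\ProgramData\example.exe %1"},
    {"id": 8, "SourceImage": r"C:\Users\alice\Downloads\viewer.exe",
     "TargetImage": r"C:\Windows\explorer.exe"},
    {"id": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\alice\Documents\notes.txt"},
    {"id": 7045, "ServiceName": "ExampleAgentSvc",
     "ImagePath": r"C:\Program Files\Vendor\agent.exe"},
]

STARTUP = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.(vbs|js|bat|cmd|ps1|lnk)$", re.I)
USER_WRITABLE = re.compile(r"\\(Users\\[^\\]+\\AppData|ProgramData|Windows\\Temp)\\", re.I)
FILE_ASSOC = re.compile(r"(^HKCR|\\Software\\Classes)\\[^\\]+\\shell\\open\\command", re.I)

def classify(ev):
    """Return the label of the technique an event is consistent with, or None."""
    eid = ev["id"]
    if eid == 11 and STARTUP.search(ev.get("TargetFilename", "")):
        return "startup-folder-script"          # script or shortcut dropped in Startup
    if eid == 7045 and USER_WRITABLE.search(ev.get("ImagePath", "")):
        return "new-service"                    # service binary in a user-writable path
    if eid == 13 and FILE_ASSOC.search(ev.get("TargetObject", "")):
        return "file-association-change"        # default open handler rewritten
    if eid == 8 and ev.get("TargetImage", "").lower().endswith(r"\explorer.exe"):
        return "explorer-injection"             # remote thread created in explorer.exe
    return None

def triage(events):
    # Matches are leads for an analyst to review, not verdicts.
    return [(i, label) for i, ev in enumerate(events) if (label := classify(ev))]

if __name__ == "__main__":
    for index, label in triage(EVENTS):
        print(index, label)
```

Legitimate installers and system components also produce these events, so a production rule needs an allowlist tuned to the environment.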