Researchers Uncover Kimsuky Infra Targeting South Korean Politicians and Diplomats
2022-08-25 10:25

The North Korean nation-state group Kimsuky has been linked to a new set of malicious activities directed against political and diplomatic entities in South Korea in early 2022.

Included among the potential victims are South Korean university professors, think tank researchers, and government officials.

Kimsuky, also known as Black Banshee, Thallium, and Velvet Chollima, is the name given to a prolific North Korean advanced persistent threat group that targets entities globally, but with a primary focus on South Korea, to gain intelligence on various topics of interest to the regime.

Known to be operating since 2012, the group has a history of employing social engineering tactics, spear-phishing, and watering hole attacks to exfiltrate desired information from victims.

What's novel about the attack is the transmission of the victim's email address to the command-and-control server should the recipient click a link in the email to download additional documents.

To further complicate the kill chain, the first-stage C2 server forwards the victim's IP address to another VBS server, which then compares it with an incoming request that's generated after the target opens the lure document.


News URL

https://thehackernews.com/2022/08/researchers-uncover-kimusky-infra.html