Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. Like other sophisticated adversaries, this group updates its tools very quickly. In early 2022, we observed this group attacking the media and a think tank in South Korea and reported technical details to our threat intelligence customer.
ADVERSARY: Kimsuky
INDUSTRIES: Journalists, Education
TARGETED COUNTRIES: Afghanistan; Korea, Republic of; Korea, Democratic People's Republic of
MALWARE FAMILY: Kimsuky
ATT&CK IDS: T1105 - Ingress Tool Transfer, T1566 - Phishing, T1140 - Deobfuscate/Decode Files or Information, T1218 - Signed Binary Proxy Execution, T1059 - Command and Scripting Interpreter, T1104 - Multi-Stage Channels, T1056 - Input Capture