
Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. Like other sophisticated adversaries, this group also updates its tools very quickly. In early 2022, we observed this group attacking the media and a think-tank in South Korea and reported technical details to our threat intelligence customer.




ADVERSARY: Kimsuky


INDUSTRIES: Journalists, Education



MALWARE FAMILY: Kimsuky


ATT&CK IDS: T1105 - Ingress Tool Transfer, T1566 - Phishing, T1140 - Deobfuscate/Decode Files or Information, T1218 - Signed Binary Proxy Execution, T1059 - Command and Scripting Interpreter, T1104 - Multi-Stage Channels, T1056 - Input Capture

