The North Korean cyber-threat group “Kimsuky” has caught the attention of the US Cybersecurity and Infrastructure Security Agency (CISA), having proved itself a significant advanced persistent threat (APT). The agency published an advisory describing the group’s tactics, techniques, and procedures (TTPs), which are inflicted on individuals, as well as organizations, and range from spearphishing and social engineering to evasion and data exfiltration. The tactics are not novel, but some of the tools are, cementing Kimsuky’s place under North Korea’s “HIDDEN COBRA” umbrella, as a threat at least equal to the infamous “Lazarus Group”. Unlike the latter, Kimsuky is focused solely on intelligence gathering, and will likely maintain that focus into the long-term future.
Other content in this Stream
Weekly: FunnyDream, Ragnar Locker on Facebook, and Egregor Ransom Notes
ShadowTalk hosts Kacey, Alec, and Charles, bring you the latest in threat intelligence.
Weekly Intelligence Summary 20 November
“CostaRicto” has become the fourth cyber-mercenary group to be discovered in 2020.
Weekly: RegretLocker, OceanLotus, Millions Seized in Cryptocurrency, and more!
ShadowTalk hosts Stefano, Kim, Dylan, and Adam bring you the latest in threat intelligence.
Weekly: SandWorm Indicted by DOJ, Darkside Has A Soft Spot, and Ryuk's Super Speedy Attack!
ShadowTalk hosts Kacey, Alec, Austin, and Digital Shadows CISO Rick bring you the latest in threat intelligence.
Weekly Intelligence Summary 23 October 2020
A ruthless, ever-evolving cyber-threat group, “FIN11”, has been discovered deploying “Clop”: ransomware that encrypts and exfiltrates data.
Weekly: Sanctions from the DOT, Fancy Bear Targets the US Government, and Foreign Spies in Disguise!
ShadowTalk hosts Kacey, Alec, Charles and Digital Shadows CISO Rick bring you the latest in threat intelligence.
Exposed Access Key Datasheet
SearchLight provides an industry-leading and scalable way to detect exposed access keys in near-real-time, complete with the context and guidance needed to effectively triage and respond.
Weekly: Law Enforcement Cracks Down On Cybercriminals, Fancy Bear Goes Phishing, And More
ShadowTalk hosts Kacey, Charles, Alec and Digital Shadows CISO Rick bring you the latest in threat intelligence.
Weekly: Ed Merrett Joins To Talk HackableYou And The Latest In Threat Intel
This week, Viktoria is joined by ShadowTalk residents Adam and Kim, and on this episode, they speak to guest Ed Merrett, founder of HackableYou, the cybersecurity podcast.
Weekly: The Team Talks Baka, Epic Manchego, and Smaug, Plus Emotet Rides Again
This week’s host Kacey is joined by Charles and Alec to bring you the latest in threat intelligence.
Weekly: New Zealand Stock Exchange faces DDoS, Tesla avoids cyberattack, and Pioneer Kitten updates
Adam, Kim, Demelza and Stefano discuss the latest threat intel updates.
Special: Guest David Bianco Talks Origin Story, Pyramid of Pain, and More
ShadowTalk hosts Alex and Digital Shadows CISO, Rick, talk to special guest David about his beginnings in the cybersecurity space, the Pyramid of Pain, and threat hunting. Pyramid of Pain:...
26:38Ransomware Round-Up: Trends in Q2 - August 2020
The Digital Shadows Photon Research team review ransomware variants observed this year and dive into how security teams can strengthen their operations in response to the recent trends.
Weekly: Photon Team Talks BeagleBoys, DarkSide, and DeathStalker, oh my!
ShadowTalk hosts Kacey, Alec, Charles, and Rick bring you the latest in threat intel.
From Exposure to Takeover: The 15 billion stolen credentials allowing account takeover
Over the past 2.5 years, we have been analyzing how cybercriminals conspire to prey upon users of online services by “taking over” the accounts they all use...
Weekly: Emotet Gets a Vaccine, NSA Drovorub Advisory, and North Korean Activity plus Bureau 121
ShadowTalk hosts Viktoria, Adam, Dylan, and Stefano bring you the latest in threat intel.
2020 Cyber Threat Intelligence Estimate
Digital Shadows has contributed to Optiv's 2020 Threat Intelligence Landscape Estimate, which provides a view of the cyber-threat landscape to help organizations mitigate risk and strengthen their...
Weekly: CWT pays ransom, data leaked for 900+ Pulse Secure Servers, EU issues first cyber sanctions
In this week’s episode, Viktoria is joined by Kim, Dylan and Demelza to discuss the latest threat intelligence.
Special: Guest Geoff White Talks Best-Selling Book Crime Dot Com
ShadowTalk hosts Viktoria and James talk to special guest Geoff about his best selling book Crime Dot Com.
Weekly: Garmin ransomware attack, QSnatch malware, and ShinyHunters Stage 2
This week it’s a full house with ShadowTalk hosts Alex, Kacey, Charles, Alec and Rick.