The North Korean cyber-threat group “Kimsuky” has caught the attention of the US Cybersecurity and Infrastructure Security Agency (CISA), having proved itself a significant advanced persistent threat (APT). The agency published an advisory describing the group’s tactics, techniques, and procedures (TTPs), which are inflicted on individuals, as well as organizations, and range from spearphishing and social engineering to evasion and data exfiltration. The tactics are not novel, but some of the tools are, cementing Kimsuky’s place under North Korea’s “HIDDEN COBRA” umbrella, as a threat at least equal to the infamous “Lazarus Group”. Unlike the latter, Kimsuky is focused solely on intelligence gathering, and will likely maintain that focus into the long-term future.
Most Recent Flipbooks
Weekly Intelligence Summary 26 February
The People’s Republic of China-linked advanced persistent threat group “APT31” reportedly cloned and deployed a zero-day exploit developed by NSA's Equation Group in 2013.
Weekly Intelligence Summary 19 February
An unidentified attacker accessed the computer systems of a water treatment facility in the US, altering sodium hydroxide levels in the potable water supply.
Weekly Intelligence Summary 12 February
Following the disclosure of the SolarWinds supply-chain compromise in December 2020, details continue to emerge about the scale of the attack.
Weekly Intelligence Summary 05 February
The North Korean advanced persistent threat (APT) group “ZINC” has been targeting cyber-security professionals with social engineering that leads to malware delivery.
Weekly Intelligence Summary 29 January
A new web portal is aiding cyber-threat incident responders by detailing vulnerabilities in popular malware.
Weekly Intelligence Summary 22 January
Technical analysis of a cyber-threat campaign using the dangerous and widespread “Lokibot” malware has revealed an updated method being used to conduct sophisticated attacks.
Weekly Intelligence Summary 15 January
A cyber-security firm released a free decryptor for the popular and sophisticated “DarkSide” ransomware.
Weekly Intelligence Summary 08 January
The cyber-security industry learned some valuable lessons during the unique and unprecedented year of 2020.
Weekly Intelligence Summary 23 December
The notorious Automated Vending Cart (AVC) website Joker’s Stash allegedly displayed a notification that the site was seized by law-enforcement agencies.
Weekly Intelligence Summary 18 December
SolarWinds confirmed that its network management system, Orion Platform, was exploited to conduct a highly sophisticated, manual supply-chain attack.
Weekly Intelligence Summary 11 December
A global spearphishing campaign targeted organizations associated with a COVID-19 vaccine cold chain.
Weekly Intelligence Summary 4 December
A threat actor recently hijacked a vulnerable WordPress website set up by a security researcher.
Weekly Intelligence Summary 27 November
The operators of the “RagnarLocker” ransomware began an advertising campaign on Facebook to further extort the victim of one of their recent attacks.
Weekly Intelligence Summary 20 November
“CostaRicto” has become the fourth cyber-mercenary group to be discovered in 2020.
Weekly Intelligence Summary 06 November 2020
The developers of the infamous “Maze” ransomware claimed to have permanently ceased operations.
Weekly Intelligence Summary 30 October 2020
After a short hiatus, the “Ryuk” ransomware variant is back with upgrades, including the ability to fully encrypt data in just five hours.
Weekly Intelligence Summary 23 October 2020
A ruthless, ever-evolving cyber-threat group, “FIN11”, has been discovered deploying “Clop”: ransomware that encrypts and exfiltrates data.
Weekly Intelligence Summary 16 October 2020
Advanced persistent threat groups linked to China and Iran have conducted cyber espionage through front companies, under the guise of legitimate technology services.
Weekly Intelligence Summary 09 October 2020
The source code of several operating systems (OS) developed by Microsoft has been published online, sparking public concerns about security.
Weekly Intelligence Summary 02 October 2020
Ransomware encrypted and disabled the systems of Universal Health Services (UHS) hospitals in the US this week, in yet another example of threat actors targeting the healthcare sector.