North Korean Group Kimsuky Targets Government Agencies With New Malware
According to cybersecurity researchers, a North Korean threat actor group called Kimsuky has been using never-before-seen malware in attacks on government agencies and human rights activists. Kimsuky is also referred to as Black Banshee, Thallium, and Velvet Chollima. The group has been active since 2012 and primarily targets think tanks in South Korea, but has been expanding its operations to reach Europe, the US, and Russia.
The US government published an advisory warning Americans about the potential cyber risk, containing information on the group’s activities, tactics, techniques, and procedures. Cyber group Nocturnus found that the new malware, KGH_SPY, appears to be only a few months old; however, it may have been used in recent cyberattacks against human rights activists. Researchers have connected Kimsuky to the malware because of overlaps between recent attacks and associated infrastructure, as well as code similarities with known Kimsuky malware.