41.3 F
Washington D.C.
Friday, March 29, 2024

Back to the Future: Inside the Kimsuky KGH Spyware Suite

The Cybereason Nocturnus Team has been tracking various North Korean threat actors, among them the cyber espionage group known as Kimsuky, (aka: Velvet Chollima, Black Banshee and Thallium), which has been active since at least 2012 and is believed to be operating on behalf of the North Korean regime. The group has a rich and notorious history of offensive cyber operations around the world, including operations targeting South Korean think tanks, but over the past few years they have expanded their targeting to countries including the United States, Russia and various nations in Europe. Some of their observed targets include:

• Pharmaceutical/Research companies working on COVID-19 vaccines and therapies
• UN Security Council
• South Korean Ministry of Unification
• Various Human Rights Groups
• South Korean Institute for Defense Analysis
• Various Education and Academic Organizations
• Various Think Tanks
• Government Research Institutes
• Journalists covering Korean Peninsula relations
• South Korean Military

On October 27th, the US-CERT published a report summarizing Kimusky’s recent activities and describing the group’s TTPs and infrastructure.

Combining the information in the report with the intelligence accumulated by Cybereason Nocturnus over time, the researchers discovered a previously undocumented modular spyware suite dubbed KGH_SPY that provides Kimsuky with stealth capabilities to carry out espionage operations.

Read more at Cybereason

Back to the Future: Inside the Kimsuky KGH Spyware Suite Homeland Security Today
Homeland Security Today
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.
Homeland Security Today
Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

Latest Articles