Analyzing threat actor Kimsuky email phishing campaign
Essential information
- Published: 04/12/2024 20:43
- Modified: 04/12/2024 21:50
- Tags: 2024-12-04 credential-theft impersonation malwareless north korea phishing
- Related entities: 24 observables, 1 intrusion sets (apt), 12 techniques (mitre)
Description
The report provides an in-depth analysis of the email phishing campaigns conducted by the Kimsuky threat actor group. It highlights the group's use of diverse themes and subjects to pique recipients' curiosity, targeting researchers and individuals related to North Korean affairs in an attempt to hijack accounts over several years. The report reveals how the group changes its attack staging servers from Japan to Russia to evade detection and employs malwareless attack strategies using finance-related lures, and it underscores the need for proactive security measures against known phishing IP addresses using EDR products.